how create alert is send email in each once appear...

abdullahalhabba · ‎04-22-2018

I have this search:
notable | where urgency="critical" | table _time source src dest user urgency | eval computer=coalesce(src,dest)

I want create alert to send email in each once appear new result, means I want send email in each once appear (new event) urgency=critical in incident review

please help me and support;

Tahnks

p_gurav · ‎04-22-2018

You can set alert mode as "once per result"

how create alert is send email in each once appear new result?

Prove Your Splunk Prowess at .conf25—No Prereqs Required!

Splunk Observability Cloud's AI Assistant in Action Series: Observability as Code

Splunk Answers Content Calendar, July Edition I

Are you a member of the Splunk Community?

how create alert is send email in each once appear new result?

Prove Your Splunk Prowess at .conf25—No Prereqs Required!

Splunk Observability Cloud's AI Assistant in Action Series: Observability as Code

Splunk Answers Content Calendar, July Edition I