Re: Alert set to medium severity but also creating...

palisetty · ‎01-05-2020

2020-01-05 22:14:20 India Standard Time Splunk Web login attempts   search  Real-time   High    Per Result   View results |  Edit search | Delete
2020-01-05 22:14:20 India Standard Time login   search  Real-time   Medium  Digest   View results |  Edit search | Delete

I set alert to medium severity and I set it to Once, not per result. I made 5 login failures continuously. At first, I got medium as expected but then I got High. Why is this behavior?

niketn · ‎01-05-2020

@palisetty can you share the saved search details (configuration from savedsearches.conf) or configuration screenshots from front-end? Also by any chance do you have multiple alerts configured instead of one?

Where are you seeing the above results, from Triggered Alert list or somewhere else? Please add more details for the community to assist you better.

Before posting code/configuration or screenshot on Splunk Answers please ensure you mask/anonymize any sensitive information.

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"

Alert set to medium severity but also creating high severity under alert list

Enter the Dashboard Challenge and Watch the .conf24 Global Broadcast!

Join Us at the Builder Bar at .conf24 – Empowering Innovation and Collaboration

Combine Multiline Logs into a Single Event with SOCK - a Guide for Advanced Users