2020-01-05 22:14:20 India Standard Time Splunk Web login attempts search Real-time High Per Result View results | Edit search | Delete
2020-01-05 22:14:20 India Standard Time login search Real-time Medium Digest View results | Edit search | Delete
I set alert to medium severity and I set it to Once, not per result. I made 5 login failures continuously. At first, I got medium as expected but then I got High. Why is this behavior?
@palisetty can you share the saved search details (configuration from savedsearches.conf
) or configuration screenshots from front-end? Also by any chance do you have multiple alerts configured instead of one?
Where are you seeing the above results, from Triggered Alert list or somewhere else? Please add more details for the community to assist you better.
Before posting code/configuration or screenshot on Splunk Answers please ensure you mask/anonymize any sensitive information.