I want to set up a real time alerting. when setting up alert query, alert type is auto populated to "Scheduled alert". could anyone help me with this.
Hi @ramyaashok ,
If you can't set/change the type to real time, you probably don't have the permission to use real time alerts.
Talk to your Splunk Admin.
BR
Ralph