Re: alert not triggering

Praz_123 · ‎01-09-2024

I have alert configure in Splunk and alert search query is generating the events but am not receiving any email alerts other alerts are working fine in my environment . I have selected "send email" in alert action In splunk .

Praz_123 · ‎01-09-2024

@inventsekar

1) is it a production environment? yes

2) the SMTP details are configured or not yet?yes

3) do you have other alerts which are sending emails?yes

4) on the search bar, when you run the sendemail command, do you get the emails?yes

inventsekar · ‎01-09-2024

Hi @Praz_123

1) the alert search query.. can you pls copy paste that here (remove the ip address, hostnames, sensitive details, etc)

2) the alert trigger conditions... results equal to 0 or greater or lesser than.. screenshot.. can you share it with us, thanks

Praz_123 · ‎01-09-2024

@inventsekar
search query :-

index="abc" sourcetype="abcd_logs" host="AbdP" Error OR Exception OR iisnode OR ERROR

the alert trigger conditions... is greater than 0, Expires = 24 hours. Cron : */5 * * * * , Time Range : Last 30 minutes.

PS: can't share the screenshot here.

inventsekar · ‎01-10-2024

Hi @Praz_123

all looks good so far..

the alert trigger actions.. did you enabled the email notification and provided your email id?

Praz_123 · ‎01-10-2024

@inventsekar

yes, when we put result = 0 it shows the result .
But if we put greater than =0 it doesn't shows the result .

inventsekar · ‎01-09-2024

Hi @Praz_123

Pls provide us more details..

1) is it a production environment?

2) the SMTP details are configured or not yet?

3) do you have other alerts which are sending emails?

4) on the search bar, when you run the sendemail command, do you get the emails?

alert not triggering

installation

troubleshooting

Index This | I’m short for "configuration file.” What am I?

New Articles from Academic Learning Partners, Help Expand Lantern’s Use Case Library, ...

Your Guide to SPL2 at .conf24!