Solved: Re: How to schedule search without generating any ...

asingla · ‎11-16-2011

I am scheduling a search to run every minute. I see the splunk generates an alert every time it runs. I don't want this alert. I see some of the scheduled search which ships with the search app, they never generates these alerts though they run every 15 minutes though alert configuration option for these search are Always. If I configure my search with same settings, it generates an alert whenever it runs

asingla · ‎11-17-2011

My Bad. I didn't see the Tracking option checked. I need to unchek that.

View solution in original post

asingla · ‎11-17-2011

My Bad. I didn't see the Tracking option checked. I need to unchek that.

Takajian · ‎11-16-2011

What does alert means? Email? Could you explain what you want to prevent from being generated?

asingla · ‎11-17-2011

Search and report page (on splunk UI) has an Alert column. I see that number is increasing every time my search run as per the schedule. But for the similar settings for the searches shipped with Search App do not generate an alert. Alert settings for those searches are 'always' and retain the alert for 24 hour.

How to schedule search without generating any alert every time it runs?

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases