Alerting
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

email alert stopped working

jng
New Member
‎07-26-2011 10:49 AM

My alert stopped emailing me today. It was fine previously. Looks like the alert didn't even noticed about the event.

Search alert:

sourcetype="access_combined_wcookie" 10.2.1.152 OR 10.2.1.153 status=500 startminutesago=1

scheduled to run every minute and alert when number of events is greater than 0

Search results:

12.50.83.238 - - [26/Jul/2011:10:36:25 -0700] "GET /android/search?pagesize=15&dapisum=5ea4825a3fc53f5e3010ead87d9624f2&cat=true&propertyType=h&sessionId=bdceNu7SbsVJHbw0RGNft&q=48066&maxRent=800&currentpage=0&minRent=600&deviceId=22a0000023e700f6&minBeds=2&version=1.0.2 HTTP1.1" 500 1229 "-" "android" "-" "74" "10.2.1.152" "8080" ""eventtype=PRDAPP12

107.50.83.238 - - [26/Jul/2011:10:36:13 -0700] "GET /android/search?pagesize=15&dapisum=5ea4825a3fc53f5e3010ead87d9624f2&cat=true&propertyType=h&sessionId=bdceNu7SbsVJHbw0RGNft&q=48066&maxRent=800&currentpage=0&minRent=600&deviceId=22a0000023e700f6&minBeds=2&version=1.0.2 HTTP1.1" 500 1229 "-" "android" "-" "153" "10.2.1.152" "8083" ""eventtype=PRDAPP12

Alert history:
07-26-2011 10:37:02.658 INFO SavedSplunker - SavedSplunker::sendQuery: Running saved_search='Alert - 1 500 on PRDAPP12 or PRDAPP13 from last minute' - result='success' - alert='number of events=0 greater than 0' - triggering - action='no action' - number of events=0

07-26-2011 10:36:02.573 INFO SavedSplunker - SavedSplunker::sendQuery: Running saved_search='Alert - 1 500 on PRDAPP12 or PRDAPP13 from last minute' - result='success' - alert='number of events=0 greater than 0' - triggering - action='no action' - number of events=0

Tags (3)
0 Karma
Reply

jng
New Member
‎08-03-2011 02:07 PM

Haha, it stopped working again. This is very strange. No idea how to fix this. Probably mothership wants me to upgrade Splunk to 4.0.

0 Karma
Reply

jng
New Member
‎07-26-2011 01:18 PM

Strange, the email alerts just started working again. Must be a bug.. I'm still on 3.4.14.

0 Karma
Reply

pero1234
Path Finder
‎07-26-2011 12:45 PM

I have the same issue but for another search! 😞
My search working, but alert don't.

0 Karma
Reply
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...

New in Observability Cloud - Explicit Bucket Histograms

Splunk introduces native support for histograms as a metric data type within Observability Cloud with Explicit ...