Alerting
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Alert not working

trueclicks
Explorer
‎10-17-2016 02:39 AM

Hi,

easy alert ( see bellow ) is not working.
alt text

Condition meets the criteria.

alt text

  • Mail Server Settings are set by default ( spunk little).
  • Alert is triggered
  • Mail is not sent.
  • Alert action is empty. Why ?

Do I do something wrong ? or is it bug ?

Thanks for answers / ideas / recommendations.

Preview file
1 KB
Preview file
1 KB
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

hardikJsheth
Motivator
‎10-24-2016 03:35 AM

From the screen shot splunk2.png, it looks like that when the alert run it did not return any result. That's why you have result_count="0" and alert_action="".

Please check if you are getting the results. Also check the condition of your scheduled search, on what condition do you fire an alert.

View solution in original post

Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎10-24-2016 03:58 AM

Hi trueclicks,
I assume that you verified that your system correctly sends eMails.
Sometimes the problem is that the results are too large for the eMail body or the eMail attachment so the eMail is blocked by the mail server.
So verify unflagging attachment and results in the eMail Body.
Bye.
Giuseppe

0 Karma
Reply
Solved! Jump to solution

trueclicks
Explorer
‎11-03-2016 01:09 AM

Thank you for your help.

0 Karma
Reply
Solved! Jump to solution
Solution

hardikJsheth
Motivator
‎10-24-2016 03:35 AM

From the screen shot splunk2.png, it looks like that when the alert run it did not return any result. That's why you have result_count="0" and alert_action="".

Please check if you are getting the results. Also check the condition of your scheduled search, on what condition do you fire an alert.

Reply
Solved! Jump to solution

trueclicks
Explorer
‎11-03-2016 01:09 AM

Thank you. Problem was in my scheduled search. I wanted to fire event when the search did not have any result.
This helped:
https://answers.splunk.com/answers/127905/set-count-to-0-if-no-results-found-in-splunk-alert.html

0 Karma
Reply
Solved! Jump to solution

dkoshe_splunk
Splunk Employee
Splunk Employee
‎10-23-2016 06:18 PM

Hello,

Have you looked into splunk logs to find out if there is an error in sending emails?
Also there are a lot of answers queries around troubleshooting emails not getting sent.
See for example:
https://answers.splunk.com/answers/330817/how-to-troubleshoot-why-im-not-getting-email-alert.html
https://answers.splunk.com/answers/32498/how-to-troubleshoot-splunk-email-notification.html
https://answers.splunk.com/answers/221223/how-to-troubleshoot-why-i-am-not-receiving-emails.html
https://answers.splunk.com/answers/225648/alert-email-not-being-sent.html

Hope this helps.
-Dhananjay

0 Karma
Reply
Solved! Jump to solution

trueclicks
Explorer
‎11-03-2016 01:09 AM

Thank you for you help.

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...

Introducing the 2024 Splunk MVPs!

We are excited to announce the 2024 cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...

Splunk Custom Visualizations App End of Life

The Splunk Custom Visualizations apps End of Life for SimpleXML will reach end of support on Dec 21, 2024, ...