I created an Alert, is there any way to test it?

rwolinski · ‎07-14-2017

I created an alert for a condition that I want an email notification for going forward. Setting up the alert is fairly straight forward. I only want it to check at 15 minutes past the hour, for the past hour. Now that I have it created, I would like to test it, but the condition I am looking for is from earlier in the day. Is there a way to test that? I want to make sure the email addresses I entered are correct and that those groups will receive the email if the condition is encountered again in the future.

Thank you

woodcock · ‎07-14-2017

When I need to do this, I add a macro to the end of the search that will add fake data with an append [|makeresults ... for test and | noop for non-test. When testing, just change the macro.

wpreston · ‎07-14-2017

You could also test it directly from the search bar using the sendalert command. Docs here and here.

adonio · ‎07-14-2017

couple of things here:
if you know the condition existed earlier that day, just create a fake alert with same condition that searches that time range
testing the emails is straight forward, use the sendmail command as described here and verify everybody receives email.
http://docs.splunk.com/Documentation/Splunk/6.6.1/SearchReference/Sendemail#Examples
hope it helps

rwolinski · ‎07-14-2017

This worked perfectly. I everyone got the emails and exactly what we were expecting in them. Thank you.

sbbadri · ‎07-14-2017

try this

index=xxxx sourcetype=xxxx earliest= latest= rest of the query along with condition | sendemail to=\"abc@123.com\" format=\"html\" server=localhost subject=\"Alert for Data\" message=\"This is an alert for some data\" sendpdf=true"

http://docs.splunk.com/Documentation/Splunk/6.6.2/SearchReference/Sendemail

I created an Alert, is there any way to test it?

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!