Hi,
We have a requirement to run an alert query every 10 seconds and check the last 10 seconds of data.
The smallest interval Splunk supports is 1 minute between alert queries, unless you use real-time alerting. Most customers don't need real-time alerts. Such small intervals are usually only useful if they will be handled by some automated process. If people will be processing them then 1 minute can be too fast (5 minutes can work well).
An identical thought ;-) at how to schedule an alert to run for every 10 seconds using cron?
And @SagarSplunk, please don't shoot yourself in the foot - the minimum granularity of a minute is there for a reason ...
But still, if we want to provide it, is there any way we can achieve this?
It doesn't seem so...
Ok..I think we have to go to Real Time alerts.
Thanks a lot for the information. 🙂
@sagarsplunk, if this answered your question, remember to "√Accept" the answer to award karma points 🙂 You can upvote comments too.