Alerting
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Every 15 minutes after the hour, I receive the webHook, but why does my alert report "There are no fired events for this alert"?

geicosean
Engager
‎02-02-2016 12:48 PM

The search I made into an alert seems to function, but claims "There are no fired events for this alert.", yet every 15 minutes after the hour, I receive the webHook to http://requestb.in/ >.

I am in the process of making an API to receive the JSON and parse it server side. Is this what webHooks are designed for? Are there other tools I should be using to monitor errors made from a specific search? I want to compare them to previous days data with the outlook of filtering new results to a specific list, then assigning the errors based on code classes to a list of developers that would likely work on such aspects of the project.

I am lost at why my trigger is being triggered, but the trigger claims no events. Also, if what I am doing is the purpose of webHooks, is there other tooling built-in to accomplish this?

Reply

sylim_splunk
Splunk Employee
Splunk Employee
‎01-12-2017 05:39 PM

This has been documented in the link, https://docs.splunk.com/Documentation/Splunk/6.5.1/Alert/Triggeredalertaction

Add an alert to the Triggered Alerts list
1. Use one of the following options depending on whether you are creating a new alert or editing an existing alert.
* Create a new alert From the Search page in the Search and Reporting app, select Save As > Alert. Enter alert details and configure triggering and throttling as needed.
* Edit an existing alert From the Alerts page in the Search and Reporting app, select Edit>Edit actions for an existing alert.
2. From the Add Actions menu, select Add to triggered alerts.
3. Select an alert Severity level.
Severity levels are informational only. They are used to group alerts in the Triggered Alerts list. The default level is Medium.
4. Click Save.

Reply

unchura
Explorer
‎08-14-2017 12:15 PM

Thanks! It helped!

0 Karma
Reply

frobinson_splun
Splunk Employee
Splunk Employee
‎02-02-2016 02:56 PM

Hi @geicosean,
You might want to start by reviewing the following documentation resources on webhooks and setting up alerts. It sounds like a webhook is the best alert action for your use case. But, you may need to adjust the triggering condition or the search itself in order to get the alerting behavior you want.

http://docs.splunk.com/Documentation/Splunk/6.3.2/Alert/Definescheduledalerts
http://docs.splunk.com/Documentation/Splunk/6.3.2/Alert/ThrottleAlerts
http://docs.splunk.com/Documentation/Splunk/6.3.2/Alert/Webhooks

Hope this helps!

0 Karma
Reply

geicosean
Engager
‎02-03-2016 05:37 AM

Good to know I am on the right track thank you

0 Karma
Reply
Get Updates on the Splunk Community!

.conf24 | Day 0

Hello Splunk Community! My name is Chris, and I'm based in Canberra, Australia's capital, and I travelled for ...

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

(view in My Videos)Struggling with alert fatigue, lack of context, and prioritization around security ...

Troubleshooting the OpenTelemetry Collector

  In this tech talk, you’ll learn how to troubleshoot the OpenTelemetry collector - from checking the ...