Hi, I'm trying to set up a basic alert to trigger whenever a Host search generates new results; the corresponding alert action is an email.
The host is constantly generating new data, and when a normal search is conducted, new data can be seen being ingested. So it's very obvious that data exists and that Splunk sees the data. But when I save the search as an alert that is supposed to trigger "per-result", so theoretically it should be going off constantly, nothing is being triggered (confirmed by the triggered alerts list being empty). Additionally, emails are never generated.