Hi Giuseppe,
I updated the search string as follows.
source="TestSplunklog2.log" sourcetype="TestLog2" " ABL Debug-Alert Stack Trace " earliest=-3d@d latest=-h@h
It gives me 23 events as results when I open it in the search. But I'm still not getting the email.
Below are the alert configurations:
Alert-01
Enabled: Yes
App: search
Permissions: Private. Owned by admin.
Modified: 5 Jul 2019 09:32:15
Alert Type: Scheduled. Hourly, at 45 minutes past the hour.
Trigger Condition: Number of Results is > 0.
Actions: 1 Action, Send email
I checked the "scheduler.log" and it has the below entry for my alert.
07-05-2019 09:45:07.195 +0530 INFO SavedSplunker - savedsearch_id="admin;search;Alert-01", search_type="scheduled", user="admin", app="search", savedsearch_name="Alert-01", priority=default, status=success, digest_mode=1, scheduled_time=1562300100, window_time=0, dispatch_time=1562300100, run_time=0.298, result_count=23, alert_actions="email", sid="scheduler_adminsearch_RMD5a4aa4f0eb0032e9c_at_1562300100_11", suppressed=0, thread_id="AlertNotifierWorker-0", workload_pool=""
But I did not get any email.
Thanks.
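
An added example, not part of the original post: a small parser for `SavedSplunker` entries in scheduler.log that classifies a scheduled run by how far it got inside the scheduler, applied to the entry quoted above. The function names and verdict labels are assumptions made for this illustration, not Splunk's own.

```python
import re

# The scheduler.log entry quoted in the post above, copied verbatim.
SAMPLE = (
    '07-05-2019 09:45:07.195 +0530 INFO SavedSplunker - '
    'savedsearch_id="admin;search;Alert-01", search_type="scheduled", '
    'user="admin", app="search", savedsearch_name="Alert-01", priority=default, '
    'status=success, digest_mode=1, scheduled_time=1562300100, window_time=0, '
    'dispatch_time=1562300100, run_time=0.298, result_count=23, '
    'alert_actions="email", '
    'sid="scheduler_adminsearch_RMD5a4aa4f0eb0032e9c_at_1562300100_11", '
    'suppressed=0, thread_id="AlertNotifierWorker-0", workload_pool=""'
)

# key="quoted value" or key=bare_value; quoted values may contain ';' and ','.
KV = re.compile(r'(\w+)=(?:"([^"]*)"|([^,\s]+))')


def parse_scheduler_line(line):
    """Return the fields of a SavedSplunker entry as a dict, or None."""
    _, sep, body = line.partition(" SavedSplunker - ")
    if not sep:
        return None
    return {m[1]: m[2] if m[2] is not None else m[3] for m in KV.finditer(body)}


def triage(fields):
    """Classify one scheduled run (verdict labels are hypothetical)."""
    if fields.get("status") != "success":
        return "search_not_successful"
    if int(fields.get("result_count", 0)) == 0:
        return "no_results"
    if int(fields.get("suppressed", 0)) != 0:
        return "suppressed"
    actions = [a.strip() for a in fields.get("alert_actions", "").split(",")]
    if "email" not in actions:
        return "email_not_among_actions"
    # The scheduler logged the email action for this run.
    return "email_action_recorded"


if __name__ == "__main__":
    f = parse_scheduler_line(SAMPLE)
    print(f["savedsearch_name"], f["result_count"], triage(f))
```

For the quoted entry the verdict is `email_action_recorded`: the search ran, returned 23 results, was not suppressed, and the scheduler logged the email action for that run.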