New to Splunk
I have a search `index="data_collection"`
They have it set up to email them.
When you are looking at search, you see tons of results ... but no email is ever sent.
alert type
real time
then number of results
greater than 3
in 1 minute
trigger once
throttle every 120 seconds
They want to get an email every time there are more than X number of data entries.