Hi,
I am new to Splunk.
I am running the evaluation version.
I am streaming data into Splunk every minute.
I have set up a fairly simple alert:
- used a search that returns new results every minute (I can see it works from the Alerts-Open In Search option).
- Enabled = Yes.
- App = search.
- Permissions = Shared Globally. Owned by admin.
- Alert Type = Scheduled.
- Cron Schedule = -1m, now, `0-59 14-18 * * *`
- Trigger = # of results >1 for each result, not throttled.
- Actions: sent to Slack and Email.
However, I do not get any emails or Slack messages, and the Alert is listed as "There are no fired events for this alert".
Is there a simple thing that I have missed?
Maybe I can simplify my alert to just get any events triggered?
Any help most appreciated!
Thanks,
Nick