real-time alert
noun
An alert that is based on a real-time search.
When you configure an alert for a real-time search, the search runs continuously in the background once the search is saved. The advantage of real-time alerts is that alert actions are triggered the moment that the alert conditions are satisfied.
In contrast, alerts based on standard searches run on a regular schedule, such as every 10 minutes, every hour, or every day at midnight. When these searches are triggered, a certain amount of time may have elapsed since the alerting condition was met.
Because real-time alerts run continuously in the background, they place more overhead on system performance. If your system is running slow, and you have alerts that do not require quick response, you may want to reconfigure them so they are based on scheduled searches instead.
For more information
In the User Manual:
*
A
D
E
I
M
P
R
- rawdata
- rawdata file
- RBAC
- real-time alert
- real-time search
- receiver
- receiving
- receiving port
- relative time modifier
- replicated data
- replication factor
- replication port
- report
- Report acceleration
- report builder
- reporting command
- REST API
- REST endpoint
- retention time
- role
- role-based access control
- Rolling-window alert
- round-robin load balancing
S
- SPL
- saved report
- saved search
- scanned event
- scheduled alert
- scheduled search
- scheduler
- scripted authentication
- scripted input
- search
- searchability
- searchable
- Search app
- search artifact
- search assistant
- search command
- search factor
- search field
- search filter
- search head
- search head pooling
- search job
- Search Job Inspector
- search macro
- search management
- search mode
- search peer
- search processing language
- search scheduler
- search time
- search timeline
- search view
- segment
- send to background
- series
- server
- server class
- solution
- source
- source type
- source type renaming
- Splunkbase
- splunkd
- Splunk Education
- Splunk Enterprise
- Splunk Enterprise trial
- Splunk for Blue Coat
- Splunk for F5
- Splunk App for Unix and Linux
- Splunk App for Windows
- Splunk Free
- Splunk Manager
- Splunk server
- Splunk Storm
- Splunk Support
- Splunk Web
- SSO
- stack
- stack mode
- standard search
- stanza
- streaming command
- subsearch
- suite
- summary index
- syslog
T
Splunk
licensing
Splunk Enterprise, Splunk Enterprise trial
Splunk Free
license entitlement
Splunk services
Splunk Education
Splunk Support: Global, Enterprise, Community
Splunk server
splunkd: CLI, command line tool
Splunk Web: view, dashboard, panel, search view, Manager
app: SplunkBase, Search app, view, panel, add-on, suite
solutions
solution
suite
app
Splunk for Windows
Splunk for Unix and Linux
Splunk for Blue Coat
Splunk for F5
add-on
deployment
deployment server
deployment client, server class, multi-tenant environment
load balancing
automatic load balancing, round-robin data balancing
distributed search
forwarder
light forwarder
forwarding license
receiver
data routing
conditional routing
indexQueue, parsingQueue, nullQueue
target group, default group
troubleshooting
search
Search app
timeline, time range picker
Report Builder
Splunk search language
command transforming command
punct, pipe operator
subsearch, search macro
search assistant
search timeline
search result
event, field, timestamp
report
form search
search job
knowledge management
knowledge
knowledge object
field extraction, field transform, tag, transaction, workflow action, lookup, saved search, event type, search command
Manager
field
default field: host, source, source type, punct
indexed field
search field
internal field
extracted field
multivalue field
alias
field extraction
index-time, search-time
interactive field extractor (IFX)
event
event data
event processing
multiline event
event type
event type builder
event type finder
transaction
tag
lookup
workflow action
saved search
summary index
configuration
configuration file
event processing
character set encoding
segmentation
timestamping
default field extraction
host, source, source type, punct