Review all recently triggered alerts on the Triggered Alerts page. You can also see recent trigger activity for a specific alert on its detail page.
For information on configuring the "Add to Triggered Alerts" action, see List instances of triggered alerts.
Triggered alert listing
Alerts appear on the Triggered Alerts page under the following conditions.
- The "Add to Triggered Alerts" action is enabled for the alert.
- The alert triggered recently.
- The alert retention time is not complete.
- The triggered alert listing has not been deleted.
On the Triggered Alerts page, details appear in the following categories.
| Category | Description |
| --- | --- |
| Time | Trigger date and time. |
| Fired alerts | Triggered alert name(s). |
| App | Alert app context. |
| Type | Alert type. |
| Severity | Assigned alert severity level. Severity levels can help you sort or filter alerts on this page. |
| Mode | Alert triggering configuration mode. "Per-result" means that the alert triggered because of a single event. "Digest" means that the alert triggered because of a group of events. |
Access and update triggered alerts
Here are steps for accessing and using the Triggered Alerts page.
(Optional) Review Triggered alert listing.
- From the top-level navigation bar, select Activity > Triggered Alerts.
- Filter any displayed alerts according to App, Owner, Severity, and Alert (alert name).
- (Optional) Use the keyword search to find triggered alerts by alert name or app context.
- (Optional) Take the following actions from the Alert Manager.
  - View alert search results.
  - Edit the alert search.
  - Delete a triggered alert listing.
Configure triggered alert expiration
By default, each alert trigger record on the Triggered Alerts page expires after twenty-four hours. Here are steps for updating triggered alert expiration. These steps apply only to alerts with the "Add to Triggered Alerts" action enabled.
- From the top-level navigation bar, select Settings > Searches, reports, and alerts.
- Locate the alert that you want to modify under Search Name.
- Select the alert. A configuration dialog opens.
- Scroll to the Expiration settings dropdown.
- Configure expiration time. Here are the available options.
  | Option | Additional steps for this option |
  | --- | --- |
  | Select one of the preset expiration options. | None |
  | Select Custom | Use the text field and dropdown to define a custom expiration time. |
- Click Save.
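The following is an added example, not part of the Splunk documentation: a Python audit that reads saved-search stanzas and reports which alerts are listed on the Triggered Alerts page and which keep their trigger records for less than the twenty-four hour default. It assumes the settings behind this dialog are the savedsearches.conf keys alert.track, alert.expires, and alert.digest_mode (names not given on this page); the sample stanzas are constructed and the function names are hypothetical.

```python
import configparser
import re

# Constructed sample stanzas; key names are assumed from savedsearches.conf.
SAMPLE_CONF = """
[Failed logins burst]
alert.track = 1
alert.expires = 7d
alert.digest_mode = 1

[New admin account]
alert.track = 1
alert.expires = 30m
alert.digest_mode = 0

[Disk usage report]
alert.track = 0
alert.digest_mode = 1
"""

UNIT_SECONDS = {"s": 1, "m": 60, "h": 3600, "d": 86400}
DEFAULT_EXPIRES = "24h"  # default expiration stated on this page

def expires_to_seconds(value):
    """Convert a time specifier such as '30m' or '7d' to seconds."""
    match = re.fullmatch(r"(\d+)([smhd])", value.strip())
    if not match:
        raise ValueError(f"unrecognized expiration: {value!r}")
    return int(match.group(1)) * UNIT_SECONDS[match.group(2)]

def audit_triggered_alert_retention(conf_text, min_seconds=86400):
    """Return one finding per alert: listing status, retention, mode."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(conf_text)
    findings = {}
    for name in parser.sections():
        stanza = parser[name]
        # Simplifications: only explicit 1/true counts as enabled; digest assumed if key absent.
        tracked = stanza.get("alert.track", "0").strip().lower() in ("1", "true")
        seconds = expires_to_seconds(stanza.get("alert.expires", DEFAULT_EXPIRES))
        digest = stanza.get("alert.digest_mode", "1").strip().lower() in ("1", "true")
        findings[name] = {
            "listed": tracked,
            "retention_seconds": seconds if tracked else None,
            "short_retention": tracked and seconds < min_seconds,
            "mode": "Digest" if digest else "Per-result",
        }
    return findings
```

Alerts flagged with short_retention lose their trigger records from the Triggered Alerts page sooner than the default, which matters when the page is used to review recent detections.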
Delete a triggered alert listing
By default, triggered alert records on the Triggered Alerts page expire after twenty-four hours. There are a few ways to change whether a triggered alert listing appears on this page.
- Update triggered alert listing expiration time.
- Delete a triggered alert listing from the Triggered Alerts page.
- Disable an alert to prevent it from triggering.
This documentation applies to the following versions of Splunk® Enterprise: 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6, 6.3.7, 6.3.8, 6.3.9, 6.3.10, 6.3.11, 6.3.12, 6.3.13, 6.3.14