Review all recently triggered alerts on the Triggered Alerts page. You can also see recent trigger activity for a specific alert on its detail page.
For information on configuring the "Add to Triggered Alerts" action, see Monitor triggered alerts.
Triggered alert listing
Alerts appear on the Triggered Alerts page under the following conditions.
- The "Add to Triggered Alerts" action is enabled for the alert.
- The alert triggered recently.
- The alert retention time is not complete.
- The triggered alert listing has not been deleted.
On the Triggered Alerts page, details appear in the following categories.
Category Description Time Trigger date and time. Fired alerts Triggered alert name(s). App Alert app context. Type Alert type. Severity Assigned alert severity level. Severity levels can help you sort or filter alerts on this page. Mode Alert triggering configuration mode. "Per-result" means that the alert triggered because of a single event. "Digest" means that the alert triggered because of a group of events.
Access and update triggered alerts
Here are steps for accessing and using the Triggered Alerts page.
(Optional) Review Triggered alert listing.
- From the top-level navigation bar, select Activity > Triggered Alerts.
- Filter any displayed alerts according to App, Owner, Severity, and Alert (alert name).
- (Optional) Use the keyword search to find triggered alerts by alert name or app context.
- (Optional) Take the following actions from the Alert Manager.
- View alert search results.
- Edit the alert search.
- Delete a triggered alert listing.
Delete a triggered alert listing
By default, triggered alert records on the Triggered Alerts page expire after twenty-four hours. There are a few ways to change whether a triggered alert listing appears on this page.
- Update triggered alert listing expiration time.
- Delete a triggered alert listing from the Triggered Alerts page.
- Disable an alert to prevent it from triggering.
Using the alert actions manager
Additional alert configuration options
This documentation applies to the following versions of Splunk® Enterprise: 6.4.0, 6.4.1, 6.4.2, 6.4.3, 6.4.4, 6.4.5, 6.4.6, 6.4.7, 6.4.8, 6.5.0, 6.5.1, 6.5.1612 (Splunk Cloud only), 6.5.2, 6.5.3, 6.5.4, 6.5.5, 6.6.0, 6.6.1, 6.6.2, 6.6.3