Splunk® Enterprise

Alerting Manual

Download manual as PDF

Download topic as PDF

Access and update alerts

There are several ways to access and edit alerts. Here is a comparison of typical alert management tasks and where to complete them in Splunk Web.

Task Where to go
View all alerts in the current app context. Alerts page
Select an alert to review or update. Alerts page
View and edit alert details. From the Alerts page, select an alert to open its detail page.
Review available alert actions and browse for more actions. Alert Actions manager page.
Review recently triggered alerts. Triggered Alerts listing page.


Use the Alerts page

The Alerts page lists all alerts for an app. It is available from the top-level navigation menu for an app. From the Alerts page you can use the following options.

Option Description
Select a filtering option for displayed alerts.
  • All. View all alerts for which you have view permission.
  • Yours. View alerts that you own.
  • This App's. View alerts for the current app. Only alerts for which you have permission to view display in the list.
Select any displayed alert Opens the detail page for an alert. You can review and make additional edits to the alert on the detail page.
Open in Search View or modify the alert's search string in the Search page. Time range updates in Splunk Web are not supported.
Edit Opens the detail page for an alert. You can review and make additional edits to the alert on the detail page.


Edit an alert search

  1. From the Alerts page, locate the alert and click Open in Search. The alert search opens in the Search page.
  2. Edit the search string as needed.
  3. Run the edited search.
  4. Click Save to update the alert. If prompted again, click Save.
  5. Select from the following options.
Option Description
"View alert" Opens the alert detail page.
"Continue editing" Return to the Search page.
"Permissions" View and edit alert permissions.

Access alert details

From the Alerts page, select an alert to review and update its settings. Authorized users can change the following alert settings.

  • Enable or disable the alert
  • App context
  • Permissions
  • Alert type and timing
  • Trigger conditions
  • Alert actions
PREVIOUS
Alert action permissions
  NEXT
Alerts page

This documentation applies to the following versions of Splunk® Enterprise: 6.4.0, 6.4.1, 6.4.2, 6.4.3, 6.4.4, 6.4.5, 6.4.6, 6.4.7, 6.4.8, 6.4.9, 6.5.0, 6.5.1, 6.5.1612 (Splunk Cloud only), 6.5.2, 6.5.3, 6.5.4, 6.5.5, 6.5.6, 6.6.0, 6.6.1, 6.6.2, 6.6.3, 6.6.4, 7.0.0


Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters