Review all recently triggered alerts on the Triggered Alerts page.
For information on configuring the "Add to Triggered Alerts" action, see Monitor triggered alerts.
Triggered alert listing
Alerts appear on the Triggered Alerts page under the following conditions.
- The "Add to Triggered Alerts" action is enabled for the alert.
- The alert triggered recently.
- The alert retention time is not complete.
- The triggered alert listing has not been deleted.
On the Triggered Alerts page, details appear in the following categories.
Category Description Time Trigger date and time. Fired alerts Triggered alert name(s). App Alert app context. Type Alert type. Severity Assigned alert severity level. Severity levels can help you sort or filter alerts on this page. Mode Alert triggering configuration mode. "Per-result" means that the alert triggered because of a single event. "Digest" means that the alert triggered because of a group of events.
Records of triggered alerts are available for twenty-four hours by default. You can configure this expiration time on a per-alert basis. For example, you can arrange to have the triggered alert records for an alert have a lifespan of seven days instead of twenty-four hours. See Update triggered alert lifespans for information on changing the lifespan of the alert records for an individual alert.
Access and update triggered alerts
Here are steps for accessing and using the Triggered Alerts page.
(Optional) Review Triggered alert listing.
- From the top-level navigation bar, select Activity > Triggered Alerts.
- Filter any displayed alerts according to App, Owner, Severity, and Alert (alert name).
- (Optional) Use the keyword search to find triggered alerts by alert name or app context.
- (Optional) Take the following actions from the Alert Manager.
- View alert search results.
- Edit the alert search.
- Delete a triggered alert listing.
Delete a triggered alert listing
By default, triggered alert records on the Triggered Alerts page expire after twenty-four hours. There are a few ways to change whether a triggered alert listing appears on this page.
- Update triggered alert listing expiration time.
- Delete a triggered alert listing from the Triggered Alerts page.
- Disable an alert to prevent it from triggering.
Using the alert actions manager
Additional alert configuration options
This documentation applies to the following versions of Splunk® Enterprise: 7.0.9, 7.0.10, 7.1.7, 7.1.8, 7.2.4, 7.2.5, 7.2.6, 7.2.7, 7.3.0