Monitor triggered alerts
Add an alert to a list of triggered alerts. Review triggered alerts by app context, owner, and severity level.
Add an alert to the Triggered Alerts list
- Use one of the following options depending on whether you are creating a new alert or editing an existing alert.
Option Steps Create a new alert From the Search page in the Search and Reporting app, select Save As > Alert. Enter alert details and configure triggering and throttling as needed. Edit an existing alert From the Alerts page in the Search and Reporting app, select Edit>Edit actions for an existing alert.
- From the Add Actions menu, select Add to triggered alerts.
- Select an alert Severity level.
Severity levels are informational only. They are used to group alerts in the Triggered Alerts list. The default level is Medium.
- Click Save.
Reviewing recently triggered alerts
You can see records of recently triggered alerts from the Triggered Alerts page or from an Alert Details page. The Triggered Alerts page shows all instances of triggered alerts. See Review triggered alerts for more information on viewing and interpreting triggered alerts.
Records of triggered alert details are available for twenty-four hours by default. See Update triggered alert lifespans for information on changing the expiration setting for an individual alert.
Run a script alert action
This documentation applies to the following versions of Splunk® Enterprise: 7.2.4, 7.2.5, 7.2.6, 7.2.7, 7.2.8, 7.2.9, 7.2.10, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.3.5, 7.3.6, 7.3.7, 7.3.8, 7.3.9, 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6, 8.0.7, 8.0.8, 8.0.9, 8.0.10, 8.1.0, 8.1.1, 8.1.2, 8.1.3, 8.1.4, 8.1.5, 8.1.6, 8.1.7, 8.1.8, 8.1.9, 8.1.10, 8.1.11, 8.2.0, 8.2.1, 8.2.2, 8.2.3, 8.2.4, 8.2.5, 8.2.6, 8.2.7, 9.0.0, 9.0.1