Splunk® Enterprise

Alerting Manual

Splunk Enterprise version 8.0 is no longer supported as of October 22, 2021. See the Splunk Software Support Policy for details. For information about upgrading to a supported version, see How to upgrade Splunk Enterprise.

Access and update alerts

There are several ways to access and edit alerts. Here is a comparison of typical alert management tasks and where to complete them in Splunk Web.

Task Where to go
View all alerts in the current app context. Alerts page
Select an alert to review or update. Alerts page
View and edit alert details. From the Alerts page, select an alert to open its detail page.
Review available alert actions and browse for more actions. Alert Actions manager page.
Review recently triggered alerts. Triggered Alerts listing page.


Use the Alerts page

The Alerts page lists all alerts for an app. It is available from the top-level navigation menu for an app. From the Alerts page you can use the following options.

Option Description
Select a filtering option for displayed alerts.
  • All. View all alerts for which you have view permission.
  • Yours. View alerts that you own.
  • This App's. View alerts for the current app. Only alerts for which you have permission to view display in the list.
Select any displayed alert Opens the detail page for an alert. You can review and make additional edits to the alert on the detail page.
Open in Search View or modify the alert's search string in the Search page. Time range updates in Splunk Web are not supported.
Edit Opens the detail page for an alert. You can review and make additional edits to the alert on the detail page.


Edit an alert search

  1. From the Alerts page, locate the alert and click Open in Search. The alert search opens in the Search page.
  2. Edit the search string as needed.
  3. Run the edited search.
  4. Click Save to update the alert. If prompted again, click Save.
  5. Select from the following options.
Option Description
"View alert" Opens the alert detail page.
"Continue editing" Return to the Search page.
"Permissions" View and edit alert permissions.

Access alert details

From the Alerts page, select an alert to review and update its settings. Authorized users can change the following alert settings.

  • Enable or disable the alert
  • App context
  • Permissions
  • Alert type and timing
  • Trigger conditions
  • Alert actions
Last modified on 04 April, 2017
Alert action permissions   Alerts page

This documentation applies to the following versions of Splunk® Enterprise: 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.0.7, 7.0.8, 7.0.9, 7.0.10, 7.0.11, 7.0.13, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.4, 7.1.5, 7.1.6, 7.1.7, 7.1.8, 7.1.9, 7.1.10, 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 7.2.7, 7.2.8, 7.2.9, 7.2.10, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.3.5, 7.3.6, 7.3.7, 7.3.8, 7.3.9, 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6, 8.0.7, 8.0.8, 8.0.9, 8.0.10, 8.1.1, 8.1.2, 8.1.3, 8.1.4, 8.1.5, 8.1.6, 8.1.7, 8.1.8, 8.1.9, 8.1.13, 8.1.14, 8.2.0, 8.2.1, 8.2.2, 8.2.3, 8.2.4, 8.2.5, 8.2.6, 8.2.7, 8.2.8, 8.2.9, 8.2.10, 8.2.11, 8.2.12, 9.0.0, 9.0.1, 9.0.2, 9.0.3, 9.0.4, 9.0.5, 9.0.6, 9.0.7, 9.0.8, 9.0.9, 9.0.10, 9.1.0, 9.1.1, 9.1.2, 9.1.3, 9.1.4, 9.1.5, 9.1.6, 9.2.0, 9.2.1, 9.2.2, 9.2.3, 9.3.0, 9.3.1, 8.1.0, 8.1.10, 8.1.11, 8.1.12


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters