Save your search as an alert
Now save your search as an alert. Alerts monitor your data and alert you when the specified trigger conditions are met.
After completing the previous step:
- Click Save As from the search page.
- Click Alert.
- Name your alert Errors reported (Real-time).
- Under Alert type select Real-time.
Set trigger conditions
Trigger conditions lets you specify what triggers your alert. You can trigger an alert on a per-result basis, by the number of results, by the number of hosts, by the number of sources, or even with a custom trigger condition.
- Select Number of Results.
- Select the is greater than menu. Enter 5.
- Select For each result.
Set trigger actions
Trigger Actions let you specify how your alert notifies you. You can add your alert to the triggered alerts list, send a log event to a splunk receiver endpoint, run a script, utilize a webhook, or send yourself an email. You can add multiple trigger actions to an alert.
- To add the email alert action, go to Trigger Actions and select Add Actions > Send email.
- To add the triggered alerts list action, go to Trigger Actions and select Add Actions > Add to Triggered Alerts.
- To add the log event action, go to Trigger Actions and select Add Actions > Log event.
- Click Save.
Your alert sends you an email, adds your alert to the list of triggered alerts, and logs the event every time your set conditions trigger the alert.
Create your search
View and edit your alert
This documentation applies to the following versions of Splunk® Light (Legacy): 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.3.5, 7.3.6