Splunk® Light (Legacy)

Search and Reporting Examples

Acrobat logo Download manual as PDF

On October 22, 2021, Splunk Light will reach its end of life. After this date, Splunk will no longer maintain or develop this product.
Acrobat logo Download topic as PDF

Save your search as an alert

Now save your search as an alert. Alerts monitor your data and alert you when the specified trigger conditions are met.

After completing the previous step:

  1. Click Save As from the search page.
  2. Click Alert.
  3. Name your alert Errors reported (Real-time).
  4. Under Alert type select Real-time.

Set trigger conditions

Trigger conditions lets you specify what triggers your alert. You can trigger an alert on a per-result basis, by the number of results, by the number of hosts, by the number of sources, or even with a custom trigger condition.

  1. Select Number of Results.
  2. Select the is greater than menu. Enter 5.
  3. Select For each result.

Set trigger actions

Trigger Actions let you specify how your alert notifies you. You can add your alert to the triggered alerts list, send a log event to a splunk receiver endpoint, run a script, utilize a webhook, or send yourself an email. You can add multiple trigger actions to an alert.

  1. To add the email alert action, go to Trigger Actions and select Add Actions > Send email.
  2. To add the triggered alerts list action, go to Trigger Actions and select Add Actions > Add to Triggered Alerts.
  3. To add the log event action, go to Trigger Actions and select Add Actions > Log event.
  4. Click Save.

Your alert sends you an email, adds your alert to the list of triggered alerts, and logs the event every time your set conditions trigger the alert.

Last modified on 01 April, 2020
Create your search
View and edit your alert

This documentation applies to the following versions of Splunk® Light (Legacy): 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.3.5, 7.3.6

Was this documentation topic helpful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters