Creating alerts from searches

Any saved search can also be run on a schedule. One use for scheduled searches is firing alerts. To get started, choose Alert… from the Create menu.

A wizard interface is presented, covering three steps.

Schedule

The Schedule step provides the following options:

  • Trigger in real-time whenever a result matches: This option leaves a real-time search running continuously and fires an alert immediately whenever a matching event is seen.

    This option will create an alert every time an event that matches your search occurs. There ...
