Creating alerts from searches

Any saved search can also be run on a schedule. One use for scheduled searches is firing alerts. To get started, choose Alert… from the Create menu.

A wizard interface is presented, covering three steps.

Schedule

The Schedule step provides the following options:

  • Trigger in real-time whenever a result matches: This option leaves a real-time search running all the time and immediately fires an alert whenever a matching event is seen.

    This option will create an alert every time an event that matches your search occurs. There ...
