Scheduled or real time

We've looked at scheduled alerts in detail in this chapter, so now, let's take a look at Splunk's ability to provide real-time alerts.

With real-time searching, you can search for events before they are indexed and preview the results as the events stream in. Based on real-time searches, you can create alerts that run continuously in the background to deliver timelier notifications than alerts that are based on scheduled searches.

In a similar fashion, in order to create a scheduled alert, we need to do the following to create a real-time alert:

On the Search page, click on Save As.
When the Save As Alert dialog opens, give your alert a name and a description.
Select Alert type of the alert you want to configure (Real Time): ...

Get Mastering Splunk now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Mastering Splunk by James Miller

Scheduled or real time

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly