Types of alerts
There are three basic types of alerts in Splunk. These are listed and described as follows:

1. Per result alert: This type of alert takes place when a trigger condition is met. So, for example, if a trigger is set to indicate when a product's sales have dropped below 70 percent of their average normal sales for a particular season, an alert like this would notify sales managers that there may be a problem.

2. Scheduled alert: A scheduled alert is set to occur on a schedule, set to notify according to set intervals, if a condition is met.

3. Rolling-window alert: This type of alert takes place if, within a rolling time window, an action or set of actions occurs. Such an alert can be particularly useful for fraud protection; for instance, actions such as large expenses charged in a short period of time can set off such alerts, allowing information about the problem to be shared quickly with those who need to know.
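The following savedsearches.conf stanzas are an added example, not text or configuration from the book, showing how each of the three alert types above is expressed in Splunk's configuration. The index names, field names, thresholds, the product_baseline lookup and the email recipients are all assumptions chosen for illustration; the keys themselves (alert_type, alert.digest_mode, dispatch.earliest_time, alert.suppress.*) are standard Splunk savedsearches.conf settings.

```ini
# Constructed savedsearches.conf example (not from the original page).
# Index names, fields, thresholds and recipients are assumed for illustration.

# 1. Per result alert: the search runs every 5 minutes over the last 5 minutes,
#    and alert.digest_mode = 0 makes Splunk fire one alert per matching result.
[Failed logins - per result]
search = index=auth action=failure | table _time user src
enableSched = 1
cron_schedule = */5 * * * *
dispatch.earliest_time = -5m@m
dispatch.latest_time = now
alert_type = number of events
alert_comparator = greater than
alert_threshold = 0
alert.digest_mode = 0
alert.track = 1
action.email = 1
action.email.to = secops@example.com

# 2. Scheduled alert: runs once a day at 06:00 and, if any product's sales for
#    the previous day fell below 70 percent of its 30-day daily average, sends
#    a single digest alert (alert.digest_mode = 1) listing all affected products.
[Daily sales drop - scheduled]
search = index=sales earliest=-30d@d latest=@d | bin _time span=1d | stats sum(amount) as daily by _time product | eventstats avg(daily) as avg_daily by product | where _time >= relative_time(now(), "-1d@d") AND daily < 0.7 * avg_daily
enableSched = 1
cron_schedule = 0 6 * * *
alert_type = number of events
alert_comparator = greater than
alert_threshold = 0
alert.digest_mode = 1
alert.track = 1
action.email = 1
action.email.to = sales-managers@example.com

# 3. Rolling-window alert: a real-time search whose window slides over the
#    last 10 minutes (rt-10m to rt). It triggers when one employee charges
#    three or more expenses totalling over 5000 inside that window. Throttling
#    by the employee field stops the same employee re-triggering for an hour.
[Expense burst - rolling window]
search = index=expenses | stats sum(amount) as total count by employee | where total > 5000 AND count >= 3
enableSched = 1
dispatch.earliest_time = rt-10m
dispatch.latest_time = rt
alert_type = number of events
alert_comparator = greater than
alert_threshold = 0
alert.digest_mode = 0
alert.track = 1
alert.suppress = 1
alert.suppress.period = 1h
alert.suppress.fields = employee
action.email = 1
action.email.to = fraud-team@example.com
```

The distinction between the first two stanzas is only alert.digest_mode: with it off, every matching row becomes its own notification; with it on, one notification carries the whole result set for that scheduled run. The third stanza differs in how it is dispatched rather than how it triggers: the rt- time modifiers make it a continuously running real-time search, which is what gives the rolling window. Real-time searches hold a search process open permanently, so throttling (alert.suppress.*) and a tight window are what keep such an alert from flooding the recipients.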