splunk / terraform-provider-splunk

Terraform Provider for Splunk
Mozilla Public License 2.0

Cannot create saved searches alerts with "alert_type" as "number of events" #175

Open msantos-repay opened 1 year ago

msantos-repay commented 1 year ago

I cannot create the alert/saved search. It throws the following error:

Error: 400 Bad Request: {"messages":[{"type":"ERROR","text":"windowed real-time per result alerts require field based alert throttling to be enabled"}]}

I'm trying to pass alert_type as number of events.

One colleague told me it only works by creating it as an always-running alarm:

    alert_type             = "always"
    cron_schedule          = "* * * * *"
    dispatch_earliest_time = "rt"
    dispatch_latest_time   = "rt"
    is_scheduled           = true

Version: 1.4.22

But we need to pass it as number of events and the proper cron expression, dispatch_earliest_time and dispatch_latest_time.