The Signal Tower • Room 2

Alert Actions & Scheduling

Splunk provides four built-in alert actions: **Email**, **Webhook**, **Run a Script**, and **Log Event**.

Real-time alerts trigger as soon as events match the condition. Scheduled alerts run at defined intervals (e.g., every 5 minutes) and evaluate the results.

For high-volume environments, scheduled alerts with appropriate cron syntax are far more efficient than real-time alerts.
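
The same detection configured both ways in `savedsearches.conf`, as an added example that is not part of the original lesson. The stanza names, index, sourcetype, threshold and e-mail address are constructed placeholders; the time window of the scheduled version is set to match its cron interval so that consecutive runs neither overlap nor leave gaps.

```ini
# savedsearches.conf (constructed example)

# Real-time variant: the search runs continuously and holds a search
# slot for as long as the alert is enabled.
[Example - SSH failures (real-time)]
search = index=auth_example sourcetype=linux_secure "Failed password" | stats count by src | where count > 20
enableSched = 1
cron_schedule = * * * * *
# "rt" boundaries are what make this a real-time search
dispatch.earliest_time = rt-5m
dispatch.latest_time = rt
counttype = number of events
relation = greater than
quantity = 0
alert.track = 1
action.email = 1
action.email.to = soc@example.com

# Scheduled variant: runs every 5 minutes and evaluates only the
# previous 5 whole minutes, then releases its search slot.
[Example - SSH failures (scheduled)]
search = index=auth_example sourcetype=linux_secure "Failed password" | stats count by src | where count > 20
enableSched = 1
cron_schedule = */5 * * * *
# Snap both boundaries to the minute so each run covers exactly one
# 5-minute window with no overlap and no gap.
dispatch.earliest_time = -5m@m
dispatch.latest_time = @m
counttype = number of events
relation = greater than
quantity = 0
alert.track = 1
action.email = 1
action.email.to = soc@example.com
```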

Knowledge Check

Match each statement to the correct alert type (Real-Time or Scheduled):

- Event fires immediately on match
- Runs on a cron schedule
- Higher resource consumption
- Better for high-volume environments