Hello, I am having a hard time trying to pin down why most of my real-time alerts have stopped working. I have looked into scheduler.log and python.log, and did not find much insightful details to the problem. Here are the symptoms:
- Only real-time alerts are not appearing to fire
- Non-realtime alerts appear to be fine as I am still getting alert emails
- Once splunk is restarted, some rt alerts appear to be firing; then eventually stopped