Extended functionalities
When using Splunk Web (again, I recommend this), you can edit all the alert properties in a single place.
Navigate to Settings | Searches, reports, and alerts, locate the search or alert, and click on its name. From here, Splunk shows all the information for this alert and allows you to edit it. In addition, there are a few extended functionalities, as follows:
Acceleration
An expiration for the alert
Summary indexing
Splunk acceleration
Splunk acceleration is a technique that Splunk uses to speed up searches that take a long time to complete because they have to cover a large amount of data. You can enable acceleration for the search that your alert is based on by checking the Accelerate this search checkbox and selecting a Summary range value.
Expiration
You can determine the length of time for which Splunk keeps a record of your triggered alerts. On the Details page for an alerting report, you can use the Expiration field to...
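The extended settings listed above can also be kept in savedsearches.conf, which is useful when alert definitions are reviewed or version-controlled. The stanza below is an added example, not taken from the original text; the stanza name, index names, search string, and all values are constructed for illustration.

```ini
# savedsearches.conf (constructed example; names and values are assumptions)
[Failed logins by source]
# Acceleration only applies to searches that use a transforming command,
# such as stats.
search = index=auth_logs action=failure | stats count by src, user
enableSched = 1
cron_schedule = */15 * * * *
dispatch.earliest_time = -15m

# Trigger when the search returns any result rows.
counttype = number of events
relation = greater than
quantity = 0

# Expiration: how long the record of a triggered alert is kept.
alert.track = 1
alert.expires = 7d

# Acceleration: the "Accelerate this search" checkbox and its Summary range.
auto_summarize = 1
auto_summarize.dispatch.earliest_time = -7d@d

# Summary indexing: write the results of each run to a summary index.
action.summary_index = 1
action.summary_index._name = summary
```

A short alert.expires value removes triggered-alert records quickly, so set it to at least the period over which you expect to review them.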