Summary
The key takeaways from this chapter are as follows:
There are three different types of alerts in Splunk: scheduled alerts, per-result alerts, and rolling-window alerts
Alerts are based off underlying historical or real-time searches
Alerts are triggered based on user-specified conditions and can be throttled as required
Alerts have a number of different actions that can be performed when an alert is triggered, including sending an e-mail and executing a script
Alerts play a critical part in gaining proactive operational intelligence
Alerts can be used for relatively simple use cases such as detecting errors or much more complex use cases such as predicting future sales
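Added example, not from the book: how the three alert types, their trigger conditions, throttling and actions above are expressed as Splunk savedsearches.conf stanzas. The stanza names, indexes, sourcetypes, thresholds, script name and recipient address are assumptions.

```ini
# Constructed savedsearches.conf stanzas; names, indexes, sourcetypes, thresholds and recipients are assumptions.

# Scheduled alert: a historical search run every 15 minutes over the previous
# 15 minutes; fires once per run (digest mode) if more than 50 errors match.
[Scheduled - web server errors]
search = index=web sourcetype=access_combined status>=500
dispatch.earliest_time = -15m@m
dispatch.latest_time = @m
enableSched = 1
cron_schedule = */15 * * * *
counttype = number of events
relation = greater than
quantity = 50
alert.digest_mode = 1
action.email = 1
action.email.to = ops-oncall@example.com

# Per-result real-time alert: fires for every matching event as it arrives,
# throttled so that one host can trigger at most once every 10 minutes.
[Per-result - failed root login]
search = index=os sourcetype=linux_secure "Failed password for root"
dispatch.earliest_time = rt
dispatch.latest_time = rt
enableSched = 1
cron_schedule = * * * * *
counttype = always
alert.digest_mode = 0
alert.suppress = 1
alert.suppress.fields = host
alert.suppress.period = 10m
# Script must live under $SPLUNK_HOME/bin/scripts (or an app's bin/scripts).
action.script = 1
action.script.filename = notify_soc.sh

# Rolling-window real-time alert: a 5-minute window that slides continuously;
# fires when more than 20 events fall inside it, at most once per 5 minutes.
[Rolling window - auth failures]
search = index=os sourcetype=linux_secure "Failed password"
dispatch.earliest_time = rt-5m
dispatch.latest_time = rt
enableSched = 1
cron_schedule = * * * * *
counttype = number of events
relation = greater than
quantity = 20
alert.suppress = 1
alert.suppress.period = 5m
action.email = 1
action.email.to = ops-oncall@example.com
```

The key difference between the three is the dispatch time range (historical span versus rt/rt-5m) combined with alert.digest_mode, while alert.suppress.* controls throttling independently of the alert type.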