Managing alert rules

Manage alert rules from the Alert rules screen by editing, enabling, disabling, or deleting them, and accessing additional actions through the ellipsis menu.

You can manage alert rules from the Alert rules screen that lists all existing alerts.

Select the ellipsis menu or select the alert rule to access the following actions:


Edit alert rule	Modify the configuration of existing alerts. For example, threshold, severity, name, or data entities.
Edit action	Further edit your alert on the Alerts page in Splunk Cloud Platform. For example, edit your alert action to receive notifications through various Splunk alert framework channels.
Enable	Turn on an alert rule that was previously turned off.
Disable	Turning off an alert rule stops it from running in the background. Alerts are no longer triggered by alert rules that are turned off.
Delete	Remove the existing alert rule entirely. Deleted rules are removed from the Alerts tab, and the alerts based on the rule are no longer triggered. Note: The alerts that were previously triggered based on the deleted rule are shown on the list in the Triggered alerts tab until they expire.

Splunk Enterprise

Splunk Cloud Platform

Splunkbase

Enterprise Security

SOAR

IT Service Intelligence

Content Packs

Splunk Observability Cloud

AppDynamics SaaS

AppDynamics On-Premises

SAP Agent

Developer Documentation

Splunkbase

Splunk Enterprise

Splunk Cloud Platform

Splunkbase

DATA MANAGEMENT

SEARCH AND ANALYTICS

ADMINISTRATION

Enterprise Security

SOAR

ENTERPRISE SECURITY

SOAR

RELATED APPS

IT Service Intelligence

Content Packs

ITSI

IT Ops

ADMINISTRATION

EXTENSIONS

Splunk Observability Cloud

MONITORING

DATA MANAGEMENT

ADMINISTRATION

AppDynamics SaaS

AppDynamics On-Premises

SAP Agent

ESSENTIALS

MONITORING

ADMINISTRATION

Developer Documentation

Splunkbase

PLATFORM

OBSERVABILITY

REFERENCE

Resources

REFERENCE

Learn More

Support

Managing alert rules