In this blog we will work in our own environment to create an alert action. Follow the steps below to create an alert for Splunk popup messages.
Run this search to get all the message data from the REST endpoint and extract only the desired fields:
| rest /services/messages | table timeCreated_iso title splunk_server severity message
Creating the alert with a throttle threshold of 6 hours
1) Set "Suppress triggering for" to 6 hour(s).
2) Save the search as an alert.
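The same alert written as a savedsearches.conf stanza, as an added example that is not part of the original post. The search and the 6-hour throttle come from the steps above; the stanza name, the hourly schedule, the time range and the trigger condition are assumptions to adjust for your environment.

```ini
# Constructed example: stanza name is hypothetical.
[Splunk Popup Message Alert]
# Search from the post: read bulletin messages over REST and keep the useful fields.
search = | rest /services/messages | table timeCreated_iso title splunk_server severity message

# Assumption: run the search at the top of every hour.
enableSched = 1
cron_schedule = 0 * * * *
dispatch.earliest_time = -60m
dispatch.latest_time = now

# Assumption: trigger when the search returns at least one message.
counttype = number of events
relation = greater than
quantity = 0

# Trigger once per search run rather than once per result.
alert.digest_mode = 1

# Throttle from the post: after the alert fires, suppress further triggering for 6 hours.
alert.suppress = 1
alert.suppress.period = 6h

# Assumption: list the alert under Triggered Alerts with medium severity.
alert.track = 1
alert.severity = 3
```

Because the throttle applies to the alert as a whole, a new and unrelated message that appears inside the 6-hour window will not trigger again until the window expires.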