Splunk supports **Scheduled alerts**, which run on a defined cron or time-based schedule, and **Real-time alerts**, which continuously monitor data as it is indexed. Real-time alerts can trigger per result or on a rolling time window.