Which of the following is NOT true about scheduled alerts?

Scheduled alerts in Splunk are designed to monitor data at predetermined intervals or according to certain schedules. They can run on a regular basis, which is a fundamental aspect of their functionality, allowing users to receive notifications based on the data that accumulates during those intervals.

The option regarding the need to match certain event criteria is incorrect in this context because scheduled alerts indeed rely on specific search conditions to trigger an alert. This means they must be configured to look for particular events or conditions based on the data being searched, thereby ensuring that alerts are relevant and meaningful.

Scheduled alerts can also be customized to run at specific intervals, which adds flexibility in how often alerts are triggered based on user needs. This customization can pertain to the timing of the alert runs to ensure they align with operational requirements.

In summary, the defining feature of scheduled alerts is that they execute based on user-defined schedules and selected event criteria, emphasizing their role in data monitoring and proactive alerting.