https://community.splunk.com/t5/Alerting/Splunk-alert-to-ignore-user-for-a-week/m-p/555137#M10572 <P>Hi</P><P>your alert need to return all users by it’s own row if they are alerted. Then in alert dialog select alert per results and needed throttle time for that.</P><P><A href="https://docs.splunk.com/Documentation/Splunk/8.2.0/Alert/AlertTriggerConditions" target="_blank">https://docs.splunk.com/Documentation/Splunk/8.2.0/Alert/AlertTriggerConditions</A></P><P>r. Ismo</P> Wed, 09 Jun 2021 16:48:22 GMT isoutamo 2021-06-09T16:48:22Z https://community.splunk.com/t5/Alerting/Splunk-alert-to-ignore-user-for-a-week/m-p/555135#M10571 <P>Hello All,</P><P>I am working on a unique request and was wondering if its possible.</P><P>The request is to run an alert every hour and if a user appears in the alert, it should ignore the same user for one week.</P><P>Need your help if it can be configured.</P><P>Thanks in advance,</P> Wed, 09 Jun 2021 16:37:59 GMT https://community.splunk.com/t5/Alerting/Splunk-alert-to-ignore-user-for-a-week/m-p/555135#M10571 spodda01da 2021-06-09T16:37:59Z https://community.splunk.com/t5/Alerting/Splunk-alert-to-ignore-user-for-a-week/m-p/555137#M10572 <P>Hi</P><P>your alert need to return all users by it’s own row if they are alerted. Then in alert dialog select alert per results and needed throttle time for that.</P><P><A href="https://docs.splunk.com/Documentation/Splunk/8.2.0/Alert/AlertTriggerConditions" target="_blank">https://docs.splunk.com/Documentation/Splunk/8.2.0/Alert/AlertTriggerConditions</A></P><P>r. Ismo</P> Wed, 09 Jun 2021 16:48:22 GMT https://community.splunk.com/t5/Alerting/Splunk-alert-to-ignore-user-for-a-week/m-p/555137#M10572 isoutamo 2021-06-09T16:48:22Z https://community.splunk.com/t5/Alerting/Splunk-alert-to-ignore-user-for-a-week/m-p/555842#M10592 <P>Thanks for the response, I am going to test it further.</P> Tue, 15 Jun 2021 17:59:54 GMT https://community.splunk.com/t5/Alerting/Splunk-alert-to-ignore-user-for-a-week/m-p/555842#M10592 spodda01da 2021-06-15T17:59:54Z https://community.splunk.com/t5/Alerting/Splunk-alert-to-ignore-user-for-a-week/m-p/555905#M10596 <P>In Alerts for Splunk Admins, <A href="https://splunkbase.splunk.com/app/3796/" target="_blank">https://splunkbase.splunk.com/app/3796/</A> or <A href="https://github.com/gjanders/SplunkAdmins" target="_blank">https://github.com/gjanders/SplunkAdmins</A></P><P>I have examples such as SearchHeadLevel - Users exceeding the disk quota introspection, &nbsp;where I use a lookup file to stop emailing users for a week. A separate report cleans up the lookup&nbsp;</P><P>That's another alternative...</P> Wed, 16 Jun 2021 04:59:16 GMT https://community.splunk.com/t5/Alerting/Splunk-alert-to-ignore-user-for-a-week/m-p/555905#M10596 gjanders 2021-06-16T04:59:16Z