Customize time for alerts

theouhuios — Wed, 15 May 2013 15:18:36 GMT

Hello

I have a alert running for every 5 mins to check the service status and alert when it's STOPPED. Everyday from 3:15 to 4:15 all the services will be STOPPED. Is there anyway that I can make that search not to run for that 1 hour and stop sending emails. As we all know that services will be down for sure in that 1 hour period we don't need to get alerted for that 1 hour.

Any ideas

Re: Customize time for alerts

BobM — Wed, 15 May 2013 20:16:31 GMT

Hi Theo

If your server was down for a clean hour, it would be a simple task to use cron to schedule it. For example the following would work every 5 mins from midnight to 2:55 and then 4:00 onwards.

*/5 0-2,4-24 * * *

For your timing, this is not so simple. I would normally use the date_hour and date_minute fields to calculate the time but your report may not have them. What you could do is modify the search by adding the following at the end of the search.

| eval timeInMin=(now()-relative_time(now(), "@d"))/60 | where (timeInMin < 3*60+14) OR (timeInMin > 4*60+16)| fields - timeInMin

This would delete any results if the time was between 3:15 and 4:15. If this doesn't work, please tell us how you have your alert set up.

topic Customize time for alerts in Alerting

Customize time for alerts

Re: Customize time for alerts