Alerting
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Alert Throttling - where are the throttled values stored?

MKozanic
Path Finder
‎10-28-2021 03:29 PM

Hi All,

I'm trying to work out best practice with regards to alert throttling and max time frames.

Trying to determine whether if we where to throttle something for 2 weeks, would we actually be better off filtering in a different way, either by using a lookup or a subsearch.

I'd like to know where the values that are used for throttling are stored, and what whether there is any performance considerations we need to account for when looking at throttling for longer periods.

Labels (1)
Labels
0 Karma
Reply
Get Updates on the Splunk Community!

3-2-1 Go! How Fast Can You Debug Microservices with Observability Cloud?

3-2-1 Go! How Fast Can You Debug Microservices with Observability Cloud? Learn how unique features like ...

Leverage Cisco Talos Threat Intelligence Across Splunk Security Products

Leverage Cisco Talos Threat Intelligence Across Splunk Security Products   Security Edition   Have you ...

What’s New in Splunk Enterprise 9.4: Tools for Digital Resilience

What’s New in Splunk Enterprise 9.4: Tools for Digital Resilience Tune in to What’s New in Splunk Enterprise ...