Alerting
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to throttle Splunk alert configuration?

Veeru
Path Finder
‎04-14-2023 03:42 AM

Hello 

I need some assistance please with the alert throttle functionality in splunk

 

Even though we have the  alert throttle enabled & suppressed for 60mins the alert still seems to generate a trigger every 10mins  @ 00:10, 00:20, 00:30, 00:40, and 00:50

I only want the 00:10 event to trigger & then suppress the 00:20, 00:30, 00:40 & 00:50 events.

 

Thank you in advance
Veeru

Labels (2)
Labels
Tags (1)
0 Karma
Reply

woodcock
Esteemed Legend
‎04-14-2023 02:00 PM

Just setup throttling.

0 Karma
Reply

Veeru
Path Finder
‎04-17-2023 02:31 AM

@woodcock 
I did it but it is not suppressing the alerts

0 Karma
Reply

woodcock
Esteemed Legend
‎04-17-2023 11:31 AM

My answer was a passive-aggressive prod.  You need to ADD DETAIL.  Show us the entry in savedsearches.conf.

0 Karma
Reply
Get Updates on the Splunk Community!

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

Splunk Decoded: Business Transactions vs Business IQ

It’s the morning of Black Friday, and your e-commerce site is handling 10x normal traffic. Orders are flowing, ...

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...