Alerting
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Ignore throttle value in specific cases

mdzmuran
Observer
‎08-13-2021 12:59 AM

Hi Team.

I have an alert with throttle value defined, for example 4 hours. If the alert is generated at 4 am, subsequent alerts are suppressed until 8 am. However, I need to generate the alert at 6 am if the alert condition is met no matter if we are in the throttle period or not.

The reason is that working hour start at 6 am, we have a hotline active and we need to make sure that everything is up and running. The hotline does not know about the alert generated at 4 am.

Labels (2)
Labels
Tags (1)
0 Karma
Reply
Get Updates on the Splunk Community!

🌟 From Audit Chaos to Clarity: Welcoming Audit Trail v2

🗣 You Spoke, We Listened  Audit Trail v2 wasn’t written in isolation—it was shaped by your voices.  In ...

Splunk New Course Releases for a Changing World

Every day, the world feels like it’s moving faster with new technological breakthroughs, AI innovation, and ...

Insights from .conf 2025, Smart Edge Processor Scaling, and a New Splunk Lantern ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...