Alerting
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Is it possible to stop alert for particular time window?

cbiraris
Path Finder
‎09-15-2022 07:42 AM

Hi Team,

Is it possible to stop alert for particular time window.

Suppose I have a alert already created and running and I want to stop it on a coming Saturday from 1 PM to 4PM. is it possible whiteout doing it manual or not by using cron scheduler ? 

Please help. Thank you

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎09-15-2022 08:25 AM

Hi @cbiraris,

to have an alert active all the week but not Saturday from 1 to 4 PM, you have two solutions:

  • to schedule two alerts:
    • one for Saturday with cron * 1-12,17-23 * * 6
    • one for the other days with cron * * * * 0-5
  • insert in your search a condition that avoid results in that period, in other words, add to your main search:
    • <your_search> NOT (date_hour>12 date_hour<17)

Ciao.

Giuseppe

Reply
Get Updates on the Splunk Community!

Splunk Observability Cloud | Customer Survey!

If you use Splunk Observability Cloud, we invite you to share your valuable insights with us through a brief ...

Happy CX Day, Splunk Community!

Happy CX Day, Splunk Community! CX stands for Customer Experience, and today, October 3rd, is CX Day — a ...

.conf23 | Get Your Cybersecurity Defense Analyst Certification in Vegas

We’re excited to announce a new Splunk certification exam being released at .conf23! If you’re going to Las ...