Alerting
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Provide the ability to disable alerts during system maintenance.

jojoridge
Engager
‎04-09-2014 12:35 PM

What I'm trying to accomplish is to provide the ability to disable alerts during system maintenance.

I've read the current suggestions in this forum, but none seem as easy as what I'd like (I'm still somewhat of a novice). To complicate matters, the maintenance windows sometimes occur on a non-fixed schedule.

I know that one approach would be to create a new group and provide certain access rights to that group to enable them to manually enable/disable the alerts. So far unable to locate the details on what is needed to implement this approach. I thought perhaps the "power_user" role would provide sufficient rights, but apparently not since they already have read/write permissions and still can't enable/disable the alerts.

Actually, I'd like a better approach, but providing alert enablement/disablement rights would be at least usable.

It would be quite helpful (and educational) if someone could provide more explicit details on how to provide a non-admin user/group with the rights to enable/disable alerts.

Thanks

Tags (1)
Reply

dkuk
Path Finder
‎04-09-2014 11:10 PM

Alternatively you could put all of the saved searches that drive the alerts in an app on their own then disable the app and hence all searches via the "manage apps" page (on v6) in the UI during a maintenance window. That would then capture all alerts in one go.

0 Karma
Reply

linu1988
Champion
‎04-09-2014 12:42 PM

Assuming you are an admin user.

Go to saved searches for the app-> on permission of that savedsearch which acts as an alert. Provide write permission to that role. They need not be a admin user, and user can have access to enable or disable objects if they have write permission on them.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI!Discover how Splunk’s agentic AI ...

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

Watch On Demand the Tech Talk on November 6 at 11AM PT, and empower your SOC to reach new heights! Duration: ...

Splunk Observability as Code: From Zero to Dashboard

For the details on what Self-Service Observability and Observability as Code is, we have some awesome content ...