Alerting
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Provide the ability to disable alerts during system maintenance.

jojoridge
Engager
‎04-09-2014 12:35 PM

What I'm trying to accomplish is to provide the ability to disable alerts during system maintenance.

I've read the current suggestions in this forum, but none seem as easy as what I'd like (I'm still somewhat of a novice). To complicate matters, the maintenance windows sometimes occur on a non-fixed schedule.

I know that one approach would be to create a new group and provide certain access rights to that group to enable them to manually enable/disable the alerts. So far unable to locate the details on what is needed to implement this approach. I thought perhaps the "power_user" role would provide sufficient rights, but apparently not since they already have read/write permissions and still can't enable/disable the alerts.

Actually, I'd like a better approach, but providing alert enablement/disablement rights would be at least usable.

It would be quite helpful (and educational) if someone could provide more explicit details on how to provide a non-admin user/group with the rights to enable/disable alerts.

Thanks

Tags (1)
Reply

dkuk
Path Finder
‎04-09-2014 11:10 PM

Alternatively you could put all of the saved searches that drive the alerts in an app on their own then disable the app and hence all searches via the "manage apps" page (on v6) in the UI during a maintenance window. That would then capture all alerts in one go.

0 Karma
Reply

linu1988
Champion
‎04-09-2014 12:42 PM

Assuming you are an admin user.

Go to saved searches for the app-> on permission of that savedsearch which acts as an alert. Provide write permission to that role. They need not be a admin user, and user can have access to enable or disable objects if they have write permission on them.

0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In January, the Splunk Threat Research Team had one release of new security content via the Splunk ES Content ...

Expert Tips from Splunk Professional Services, Ensuring Compliance, and More New ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Observability Release Update: AI Assistant, AppD + Observability Cloud Integrations & ...

This month’s releases across the Splunk Observability portfolio deliver earlier detection and faster ...