Alerting
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

To reset/delete the alerts at configurable time.

AditiKulkarni
New Member
‎05-20-2015 02:24 AM

With built-in functionality of splunk, we can set the alert expiration time to 6hrs, 12hrs etc.
But is there a way to delete all the alerts raised during a day at particular time and can we keep that time configurable?
e.g. I want to reset/delete all the alerts raised during a day at 23:59:59, how can this be achieved?

0 Karma
Reply

vganjare
Builder
‎05-20-2015 02:46 AM

Can you please check the answer provided in https://answers.splunk.com/answers/208712/is-there-an-easy-way-to-use-the-rest-api-to-disabl.html

Thanks!!

0 Karma
Reply

SwatiApte
Path Finder
‎06-09-2015 01:29 AM

Hi,

As per a Business requirement, we want to be able to automatically delete all Alerts triggered on the previous Business Day, at the start of each Business Day. For eg. at the start of the current day, let us say 9th June 00:01:00, we want to delete all the triggered alerts triggered between 8th June 00:00:00 to 8th June 23:59:59.

Could you please let us know if this could be the correct way of doing it? The following query works, but we do not know the impact it could have, or if it is correct to use it.

index=_audit earliest=-1d@d latest=@d action=alert_fired ss_app= | delete

0 Karma
Reply

AditiKulkarni
New Member
‎05-24-2015 09:38 PM

Thank you for the answer but, i don't need to disable the alerts in the particular window but, need to delete all the alerts raised (in triggered alerts window) within day at a particular configurable time.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...