To reset/delete the alerts at configurable time.

AditiKulkarni · ‎05-20-2015

With built-in functionality of splunk, we can set the alert expiration time to 6hrs, 12hrs etc.
But is there a way to delete all the alerts raised during a day at particular time and can we keep that time configurable?
e.g. I want to reset/delete all the alerts raised during a day at 23:59:59, how can this be achieved?

vganjare · ‎05-20-2015

Can you please check the answer provided in https://answers.splunk.com/answers/208712/is-there-an-easy-way-to-use-the-rest-api-to-disabl.html

Thanks!!

SwatiApte · ‎06-09-2015

Hi,

As per a Business requirement, we want to be able to automatically delete all Alerts triggered on the previous Business Day, at the start of each Business Day. For eg. at the start of the current day, let us say 9th June 00:01:00, we want to delete all the triggered alerts triggered between 8th June 00:00:00 to 8th June 23:59:59.

Could you please let us know if this could be the correct way of doing it? The following query works, but we do not know the impact it could have, or if it is correct to use it.

index=_audit earliest=-1d@d latest=@d action=alert_fired ss_app= | delete

AditiKulkarni · ‎05-24-2015

Thank you for the answer but, i don't need to disable the alerts in the particular window but, need to delete all the alerts raised (in triggered alerts window) within day at a particular configurable time.

To reset/delete the alerts at configurable time.

Fueling your curiosity with new Splunk ILT and eLearning courses

Splunk AI Assistant for SPL 1.1.0 | Now Personalized to Your Environment for Greater ...

Unleash Unified Security and Observability with Splunk Cloud Platform