Solved: Re: Alert Manager: How to suppress follow on alert...

afx · ‎11-25-2020

Hi,

looks like I am missing something.

I have a Splunk alert that is a bit spammy. I would like to use the Alert Manager app to give me one alert a day, basically the first time this alert shows up. And be quiet for the rest of the day, just increase the duplicate counter.

I can get alerts to be counted as duplicates, but I still get e-mails for all of them.

I have not found a way in the suppression rules to hide follow on alerts.

thx

afx

my2ndhead · ‎11-27-2020

Currently there's no way to suppress emails from follow on alerts. I will take this as a feature request.

View solution in original post

my2ndhead · ‎11-27-2020

Currently there's no way to suppress emails from follow on alerts. I will take this as a feature request.

afx · ‎11-29-2020

Absolutely yes please.

So far I have only been toying with Alert manager.

That feature would make it production worthy 😉

thx
afx

Alert Manager: How to suppress follow on alerts

administration

configuration

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases