All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Alert Manager - auto resolve if "append incident with the same title" is enabled

djluke
Path Finder
‎05-11-2021 03:12 AM

Hi Splunkers,
I'm here again asking for help with the alert manager app.
I'm trying the "auto-resolve" feature combined with "append incident with the same title".

I would like that all incidents with new appended events to be automatically closed at time "last_event + ttl"

What I'm seeing now is an automatic closure at time "open time + ttl" even if there are new events for the same incident.

Here below a simple example:
Auto-close = enabled
Append new incidents = enabled

Search = my search
TTL = 11m
Incident creation time = 13:00:00 
Appended events time = 13:05:00 , 13:10:00

Auto close time = 13:00:00 + 11m = 13:11:00
Desidered auto close time = 13:10:00 + 11m = 13:21:00


Thanks in advance for your support.

Labels (2)
0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...

What’s New in Splunk Observability – September 2025

What's NewWe are excited to announce the latest enhancements to Splunk Observability, designed to help ITOps ...

Fun with Regular Expression - multiples of nine

Fun with Regular Expression - multiples of nineThis challenge was first posted on Slack #regex channel ...