All Apps and Add-ons

Schedule Recurring Suppression using Alert Manager

Path Finder


I am using Alert Manager to handle all alerts being created in my Splunk instance. And I am able to create Suppression Rules for a specific time slot using the Suppression menu provided in the app.

Current Suppression looks like:
Match Type ALL
$$ is MYSERVER123
_time > 1518867000
_time < 1518944400

I have some servers and applications which only need to be monitored from 8am to 10pm on a daily basis as they are powered off outside office hours. With the current implementation, I have to set up a single suppression rule for each day.

Is there a way to provide this schedule in Splunk/Alert Manager so that alerts are suppressed in a specific duration.

Splunk v7.0.0
Alert Manager v2.2.2


0 Karma

Path Finder

We could not find a way to do it via Alert Manager. So we created an external script to resolve the alerts after creation.

0 Karma
*NEW* Splunk Love Promo!
Snag a $25 Visa Gift Card for Giving Your Review!

It's another Splunk Love Special! For a limited time, you can review one of our select Splunk products through Gartner Peer Insights and receive a $25 Visa gift card!


Or Learn More in Our Blog >>