All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Schedule Recurring Suppression using Alert Manager

KARANMALHOTRA
Path Finder
‎07-11-2018 12:02 AM

Hello,

I am using Alert Manager to handle all alerts being created in my Splunk instance. And I am able to create Suppression Rules for a specific time slot using the Suppression menu provided in the app.

Current Suppression looks like:
Match Type ALL
$result.host$ is MYSERVER123
_time > 1518867000
_time < 1518944400

I have some servers and applications which only need to be monitored from 8am to 10pm on a daily basis as they are powered off outside office hours. With the current implementation, I have to set up a single suppression rule for each day.

Is there a way to provide this schedule in Splunk/Alert Manager so that alerts are suppressed in a specific duration.

Splunk v7.0.0
Alert Manager v2.2.2

Thanks!

0 Karma
Reply

KARANMALHOTRA
Path Finder
‎08-29-2019 11:21 PM

We could not find a way to do it via Alert Manager. So we created an external script to resolve the alerts after creation.

0 Karma
Reply
Get Updates on the Splunk Community!

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...