Schedule Recurring Suppression using Alert Manager

KARANMALHOTRA · ‎07-11-2018

Hello,

I am using Alert Manager to handle all alerts being created in my Splunk instance. And I am able to create Suppression Rules for a specific time slot using the Suppression menu provided in the app.

Current Suppression looks like:
Match Type ALL
$result.host$ is MYSERVER123
_time > 1518867000
_time < 1518944400

I have some servers and applications which only need to be monitored from 8am to 10pm on a daily basis as they are powered off outside office hours. With the current implementation, I have to set up a single suppression rule for each day.

Is there a way to provide this schedule in Splunk/Alert Manager so that alerts are suppressed in a specific duration.

Splunk v7.0.0
Alert Manager v2.2.2

Thanks!

KARANMALHOTRA · ‎08-29-2019

We could not find a way to do it via Alert Manager. So we created an external script to resolve the alerts after creation.

Schedule Recurring Suppression using Alert Manager

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Build the Future of Agentic AI: Join the Splunk Agentic Ops Hackathon

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

Splunk Community Badges!

Join the Conversation

Schedule Recurring Suppression using Alert Manager

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Build the Future of Agentic AI: Join the Splunk Agentic Ops Hackathon

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

Splunk Community Badges!