Splunk Enterprise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Settings for data source to only monitor weekdays

manderson7
Contributor
‎06-29-2020 07:22 AM

Working a bunch with the Trackme app and it's showing a lot of promise. I finally got the right MLTK and Python applications installed, hopefully that will help some of the issues I'm having.

When I modify a data source, choosing "auto lagging" comes back with unexpected results. In particular, I have a data source that only ingests M-F, between 9am and 5pm. The auto percentile lag of this data source for 7-30 days at 1-3 seconds. How would I go about getting a longer average lag time for this source?

In addition, how can I tell trackme to not show an alert state on the same sourcetype on a monday morning, since it hasn't gotten any events since the friday before? I don't want to set the lag time as too high as that will interfere w/ monitoring during weekdays.

Thanks for your help.

Labels (1)
Labels
Tags (1)
0 Karma
Reply
Get Updates on the Splunk Community!

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...