Splunk On-Call

How to change alert so that When no one is on-call, notify the next person that starts a shift?


Hi, we currently have one of our on-call schedules to be office hours only (Weekdays 9-5). However, we are noticing that we don't get notified about alerts that get raised over the weekend. Our expectation was that with these alerts, because no one is there to acknowledge them, they will still be there when someone is eventually on the roster at 9am Monday but apparently that is not the case. (The alert is in the list of alerts, but it doesn't page anyone). 

Is there a way to ensure that the person that gets rostered on at 9am Monday will be notified of any alerts that were triggered over the preceding weekend (period where no one was on-call)? 


Labels (1)
Tags (2)
Get Updates on the Splunk Community!

Ready, Set, SOAR: How Utility Apps Can Up Level Your Playbooks!

 WATCH NOW Powering your capabilities has never been so easy with ready-made Splunk® SOAR Utility Apps. Parse ...

DevSecOps: Why You Should Care and How To Get Started

 WATCH NOW In this Tech Talk we will talk about what people mean by DevSecOps and deep dive into the different ...

Introducing Ingest Actions: Filter, Mask, Route, Repeat

WATCH NOW Ingest Actions (IA) is the best new way to easily filter, mask and route your data in Splunk® ...