Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Table ES Suppressions including start time and end time

jacqu3sy
Path Finder
‎01-04-2018 07:49 AM

I'm looking to create a dashboard of existing suppression's, and those that have recently expired or will expire in the near future.

But I'm struggling to find where I can extract the relevant >=time and <=time used within the suppression.

notable includes the suppression name, but not when it expires. Cant seem to find where this is stored. Any ideas?

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

grsmith
Engager
‎03-01-2018 11:20 AM

I had this question as well, because I wanted to set up alerts around soon to expire suppressions. I found an out-of-box macro that gathers the relevant info using the "rest" search command.

| suppression_eventtypes

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

grsmith
Engager
‎03-01-2018 11:20 AM

I had this question as well, because I wanted to set up alerts around soon to expire suppressions. I found an out-of-box macro that gathers the relevant info using the "rest" search command.

| suppression_eventtypes

View solution in original post

0 Karma
Reply
Solved! Jump to solution

jacqu3sy
Path Finder
‎03-02-2018 02:44 AM

Thats exactly what I was after. Thanks!

0 Karma
Reply
.conf21 Now Fully Virtual!
Register for FREE Today!

We've made .conf21 totally virtual and totally FREE! Our completely online experience will run from 10/19 through 10/20 with some additional events, too!

Get Updates on the Splunk Community!