Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Table ES Suppressions including start time and end time

jacqu3sy
Path Finder
‎01-04-2018 07:49 AM

I'm looking to create a dashboard of existing suppression's, and those that have recently expired or will expire in the near future.

But I'm struggling to find where I can extract the relevant >=time and <=time used within the suppression.

notable includes the suppression name, but not when it expires. Cant seem to find where this is stored. Any ideas?

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

grsmith
Engager
‎03-01-2018 11:20 AM

I had this question as well, because I wanted to set up alerts around soon to expire suppressions. I found an out-of-box macro that gathers the relevant info using the "rest" search command.

| suppression_eventtypes

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

grsmith
Engager
‎03-01-2018 11:20 AM

I had this question as well, because I wanted to set up alerts around soon to expire suppressions. I found an out-of-box macro that gathers the relevant info using the "rest" search command.

| suppression_eventtypes

0 Karma
Reply
Solved! Jump to solution

jacqu3sy
Path Finder
‎03-02-2018 02:44 AM

Thats exactly what I was after. Thanks!

0 Karma
Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...