Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Table ES Suppressions including start time and end time

jacqu3sy
Path Finder
‎01-04-2018 07:49 AM

I'm looking to create a dashboard of existing suppression's, and those that have recently expired or will expire in the near future.

But I'm struggling to find where I can extract the relevant >=time and <=time used within the suppression.

notable includes the suppression name, but not when it expires. Cant seem to find where this is stored. Any ideas?

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

grsmith
Engager
‎03-01-2018 11:20 AM

I had this question as well, because I wanted to set up alerts around soon to expire suppressions. I found an out-of-box macro that gathers the relevant info using the "rest" search command.

| suppression_eventtypes

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

grsmith
Engager
‎03-01-2018 11:20 AM

I had this question as well, because I wanted to set up alerts around soon to expire suppressions. I found an out-of-box macro that gathers the relevant info using the "rest" search command.

| suppression_eventtypes

0 Karma
Reply
Solved! Jump to solution

jacqu3sy
Path Finder
‎03-02-2018 02:44 AM

Thats exactly what I was after. Thanks!

0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In November, the Splunk Threat Research Team had one release of new security content via the Enterprise ...

Index This | Divide 100 by half. What do you get?

November 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...

Stay Connected: Your Guide to December Tech Talks, Office Hours, and Webinars!

❄️ Celebrate the season with our December lineup of Community Office Hours, Tech Talks, and Webinars! ...