Hi Team,
I am having few devices located across the globe and want to monitor only during their Business hour timings only.
index=opennms
| fieldformat Time=strftime(Time,"%Y-%m-%d %l:%M:%S")
| table DEVICE,ALERT,SITECODE,COUNTRY,REGION,TIME_ZONE
Output :
| DEVICE | ALERT | SITECODE | COUNTRY | REGION | TIME_ZONE |
| FRNDG | DEVICE DOWN | NDG | France | Europe | +01:00 |
| FRNDG | INTERFACE DOWN | NDG | France | Europe | +01:00 |
| SGACB | BGP DOWN | ACB | Singapore | Asia Pacific | +08:00 |
| NGERH | INTERFACE UTILIZATION | ERH | Nigeria | Middle East / Africa | +01:00 |
| USBMT | ISIS FLAP | BMT | United States | North America | -06:00 |
| USBTN | BGP DOWN | BTN | United States | North America | -06:00 |
| SGSNG | INTERFACE DOWN | SNG | Singapore | Asia Pacific | +08:00 |
| USEMC | DEVICE DOWN | EMC | United States | North America | -06:00 |
| CAKRL | INTERFACE DOWN | KRL | Canada | North America | -07:00 |
| FRFOS | BGP DOWN | FOS | France | Europe | +01:00 |
only during the 9AM to 5PM of that business hour of that country Splunk should search for alerts or generate alerts and rest all time it should disable the alerting, is that possible.
