We would like to remove our monthly patching window from our error report that we receive from Splunk on some of our servers we report on. For example, we would like to be able to remove the data/error spike we get on the 3rd Thursday between the hours of 2pm-3pm during patching, and have this carry over into the next year, always the 3rd Thursday from 2-3pm removed from our data. In short, this would need to be a dynamic search, not specifically calling out dates.
We can't simply remove these errors themselves from the data, as every other day of the year we do want to see that information. Thoughts?
... View more