cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
suhanishah
Loves-to-Learn
Member since: 2 weeks ago
2 weeks ago
Community Statistics
Posts 6
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎04-14-2024
View All

Re: How to exclude alert to trigger during mainten...

by in Splunk Search
2 weeks ago
2 weeks ago
I have created two queries : The below is for the correct outage window  And the second one with any random date to see if alert is triggered when one of server goes down  Both has same trigger condition set : | where is_maintenance_window=0 AND is_server_down=1 ... View more

Re: How to exclude alert to trigger during mainten...

by in Splunk Search
2 weeks ago
2 weeks ago
@sjringo  - This is the result when servers are taking traffic . I am going to test it tonight when servers goes down if alert is getting triggered outside window as well as alert not triggered during window . In both cases atleast one server is down. ... View more

Re: How to exclude alert to trigger during mainten...

by in Splunk Search
2 weeks ago
2 weeks ago
@sjringo  - We don't have specific date as it keeps changing so I created two variables where I specify date and time .    | eval excluded_start_time=strptime("2024-04-14 21:00:00", "%Y-%m-%d %H:%M:%S") | eval excluded_end_time=strptime("2024-04-15 04:00:00", "%Y-%m-%d %H:%M:%S   ... View more

Re: How to exclude alert to trigger during mainten...

by in Splunk Search
2 weeks ago
2 weeks ago
@sjringo - what should be my trigger condition ?  Also how your query will identify which date as I don't want alert not to be triggered everyday from 21:00 to 4:00 am. I want just specific date which is going to be 23rd april from 9 pm to 24th april 4 am    ... View more

Re: How to exclude alert to trigger during mainten...

by in Splunk Search
2 weeks ago
2 weeks ago
@marnall - @richgalloway  solution is creating false alerts and triggering alerts even when servers are up. Can you provide any other solution in such way that alert is not triggered in maintenance window even though servers are down but alert gets only triggered outside window with condition atleast one of the server is down ... View more

How to exclude alert to trigger during maintenance...

by in Splunk Search
2 weeks ago
2 weeks ago
Requirement - alert only needs to trigger outside window even if server is down in maintenance window | tstats count where index=cts-dcpsa-app sourcetype=app:dcpsa host_ip IN (xx.xx.xxx.xxx, xx.xx.xxx.xxx) by host | eval current_time=_time | eval excluded_start_time=strptime("2024-04-14 21:00:00", "%Y-%m-%d %H:%M:%S") | eval excluded_end_time=strptime("2024-04-15 04:00:00", "%Y-%m-%d %H:%M:%S") | eval is_maintenance_window=if(current_time >= excluded_start_time AND current_time < excluded_end_time, 1, 0) | eval is_server_down=if((host="xx.xx.xxx.xxx" AND count == 0) OR (host="xx.xx.xxx.xxx" AND count == 0) 1, 0 ) Trigger condition- |search is_maintenance window = 0 AND is_server_down=1 Alert is not getting triggered outside maintenance window even though one of server is down. Help me what is wrong in query or another possible solution ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
2 weeks ago