Solved: Table ES Suppressions including start time and end...

jacqu3sy · ‎01-04-2018

I'm looking to create a dashboard of existing suppression's, and those that have recently expired or will expire in the near future.

But I'm struggling to find where I can extract the relevant >=time and <=time used within the suppression.

notable includes the suppression name, but not when it expires. Cant seem to find where this is stored. Any ideas?

grsmith · ‎03-01-2018

I had this question as well, because I wanted to set up alerts around soon to expire suppressions. I found an out-of-box macro that gathers the relevant info using the "rest" search command.

| suppression_eventtypes

View solution in original post

grsmith · ‎03-01-2018

I had this question as well, because I wanted to set up alerts around soon to expire suppressions. I found an out-of-box macro that gathers the relevant info using the "rest" search command.

| suppression_eventtypes

jacqu3sy · ‎03-02-2018

Thats exactly what I was after. Thanks!

Table ES Suppressions including start time and end time

New Splunk Observability innovations: Deeper visibility and smarter alerting to ...

Synthetic Monitoring: Not your Grandma’s Polyester! Tech Talk: DevOps Edition

Instrumenting Java Websocket Messaging