Provide the ability to disable alerts during syste...

jojoridge · ‎04-09-2014

What I'm trying to accomplish is to provide the ability to disable alerts during system maintenance.

I've read the current suggestions in this forum, but none seem as easy as what I'd like (I'm still somewhat of a novice). To complicate matters, the maintenance windows sometimes occur on a non-fixed schedule.

I know that one approach would be to create a new group and provide certain access rights to that group to enable them to manually enable/disable the alerts. So far unable to locate the details on what is needed to implement this approach. I thought perhaps the "power_user" role would provide sufficient rights, but apparently not since they already have read/write permissions and still can't enable/disable the alerts.

Actually, I'd like a better approach, but providing alert enablement/disablement rights would be at least usable.

It would be quite helpful (and educational) if someone could provide more explicit details on how to provide a non-admin user/group with the rights to enable/disable alerts.

Thanks

dkuk · ‎04-09-2014

Alternatively you could put all of the saved searches that drive the alerts in an app on their own then disable the app and hence all searches via the "manage apps" page (on v6) in the UI during a maintenance window. That would then capture all alerts in one go.

linu1988 · ‎04-09-2014

Assuming you are an admin user.

Go to saved searches for the app-> on permission of that savedsearch which acts as an alert. Provide write permission to that role. They need not be a admin user, and user can have access to enable or disable objects if they have write permission on them.

Provide the ability to disable alerts during system maintenance.

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!

Splunk Custom Visualizations App End of Life