Hi, I wanted to check on solutions to snooze a Splunk Alert. When a service is down, we disable the Splunk Alert while it is being worked on. Sometimes the engineer forgets to enable the Alert again. Is there an add-on or option in Splunk to snooze for 1 hour or so and then turn the Alert back ON? Kindly suggest.
Hi @arunsubram,
Instead of enabling/disabling Alerts, I suggest setting Throttle in alerts. In your case, you can Throttle alerts for 60 min. Please refer to the link below for more information.
https://docs.splunk.com/Documentation/SplunkCloud/6.6.3/Alert/ThrottleAlerts
Thanks
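As an added example (not part of the original posts), this is how the 60-minute throttle suggested above can be written in `savedsearches.conf`. The stanza name, search, `service` field and e-mail address are assumptions made for illustration. Throttling is keyed on the `service` field so that an outage in a different service still triggers the alert during the window.

```ini
# Hypothetical alert stanza; name, search and recipient are placeholders.
[Service Down - Example]
search = index=app_logs sourcetype=service_health status=down | stats count by service
enableSched = 1
cron_schedule = */5 * * * *
dispatch.earliest_time = -5m
dispatch.latest_time = now

# Trigger when the search returns any result.
counttype = number of events
relation = greater than
quantity = 0

# Evaluate each result row on its own so throttling can be applied per service.
alert.digest_mode = 0

# Throttle: after the alert fires for a given service, suppress further
# triggers for that same service for 60 minutes. The alert stays enabled
# and fires again once the period has passed.
alert.suppress = 1
alert.suppress.period = 60m
alert.suppress.fields = service

alert.track = 1
action.email = 1
action.email.to = oncall@example.com
```

Because the alert is never disabled, there is nothing for the engineer to remember to switch back on after the incident.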