- Splunk Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- How to Black out my splunk alert for particular pe...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How to Black out my splunk alert for particular period ?
How to Black out my splunk alert for particular period?
There are two different scenarios
firest alert:
1)16:30 ET Saturday to 00:30 ET Monday on all weekends --->black out time
index=Test_PROD source="common" LEGACY_SYSTEM_NAME=Test|rename GUID as CS_GUID| join type=outer CS_GUID [search source="errordetail" NOT [search index=Test_PROD sourcetype="Logging" SEVA+Test OR ACES OR NPI 0x00030001 |rename GUID as CS_GUID | table CS_GUID]] | stats count(eval(TRAN_TYPE="275")) as "T275Count" count(eval(ERROR_CODE="Y42R")) as Y42RCount by LEGACY_SYSTEM_NAME | eval Y42RPerc = Y42RCount*100/T275Count| where Y42RCount >5
Second alert:
00:00 to 08:00 ET on weekdays and 20:00 to 08:00 ET on weekends --->black out time
index=Test_PROD source="common" LEGACY_SYSTEM_NAME=Test|rename GUID as CS_GUID| join type=outer CS_GUID [search source="errordetail" NOT [search index=Test_PROD sourcetype="Logging" SEVA+Test OR ACES OR NPI 0x00030001 |rename GUID as CS_GUID | table CS_GUID]] | stats count(eval(TRAN_TYPE="275")) as "T275Count" count(eval(ERROR_CODE="Y42R")) as Y42RCount by LEGACY_SYSTEM_NAME | eval Y42RPerc = Y42RCount*100/T275Count| where Y42RCount >5
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
Apparently it's not possible to put all condition in 1 cron schedule, you have to create 4 separate alert with below suggested cron.
16:30 ET Saturday to 00:30 ET Monday on all weekends :
Cron : */30 * * * 1,2,3,4,5
: */30 0-16 * * 600:00 to 08:00 ET on weekdays and 20:00 to 08:00 ET on weekends
Cron : */30 9-23 * * 1,2,3,4,5
: */30 8-19 * * 0,6
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Foe weekend you want 20:00 to 08:00 ET on weekends this or 16:30 ET Saturday to 00:30 ET Monday on all weekends?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi p_gurav
mentioned two alert scenarios
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How frequently this alerts are running? You can do this black out thing with cron schedule, but to help you with that I need alert frequency.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
every 30 min
Announcing Scheduled Export GA for Dashboard Studio
Extending Observability Content to Splunk Cloud
More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!
