All Apps and Add-ons

Schedule Recurring Suppression using Alert Manager

KARANMALHOTRA
Path Finder

Hello,

I am using Alert Manager to handle all alerts being created in my Splunk instance. And I am able to create Suppression Rules for a specific time slot using the Suppression menu provided in the app.

Current Suppression looks like:
Match Type ALL
$result.host$ is MYSERVER123
_time > 1518867000
_time < 1518944400

I have some servers and applications which only need to be monitored from 8am to 10pm on a daily basis as they are powered off outside office hours. With the current implementation, I have to set up a single suppression rule for each day.

Is there a way to provide this schedule in Splunk/Alert Manager so that alerts are suppressed in a specific duration.

Splunk v7.0.0
Alert Manager v2.2.2

Thanks!

0 Karma

KARANMALHOTRA
Path Finder

We could not find a way to do it via Alert Manager. So we created an external script to resolve the alerts after creation.

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...