Hello,
I am using Alert Manager to handle all alerts being created in my Splunk instance. And I am able to create Suppression Rules for a specific time slot using the Suppression menu provided in the app.
Current Suppression looks like:
Match Type ALL
$result.host$ is MYSERVER123
_time > 1518867000
_time < 1518944400
I have some servers and applications which only need to be monitored from 8am to 10pm on a daily basis as they are powered off outside office hours. With the current implementation, I have to set up a single suppression rule for each day.
Is there a way to provide this schedule in Splunk/Alert Manager so that alerts are suppressed in a specific duration.
Splunk v7.0.0
Alert Manager v2.2.2
Thanks!
We could not find a way to do it via Alert Manager. So we created an external script to resolve the alerts after creation.