Re: Disable the alerts while disable maintenance ...

Veeru · ‎08-11-2022

Hello Splunk team,

I am trying for a logic to disable the alerts in the particular app while I disable maintenance mode in master app
Is this possible in Splunk?

Please help me out with this?

gcusello · ‎08-11-2022

Hi @Veeru,

for my knowledge it isn't possible to disable all alert with one step, you have to disable all of them one by one.

As a workaround, if the main action of your alerts is sending an email, you could disable email sending for the maintenance period so alerts continue to fire but emails aren't generated.

In the same way, if the main action of your alerts is executing a script, e.g. to open a ticket on an external troubletickeing system, you could disable the script for the maintenance period.

Ciao.

Giuseppe

Veeru · ‎08-18-2022

Hello @gcusello

Thank you for reply,

Can you please help me how to disable mails and tickets while i set to maintenance mode.

gcusello · ‎08-18-2022

Hi @Veeru,

you can disable email sendings, simply temporary modifying the information about the email server at [Settings -- Server Settings -- eMail Setings], and then restore the correct information at the end of the maintenance period.

For the scripts, you have to intervene on the script, e.g. temporary renaming it.

Ciao.

Giuseppe

Disable the alerts while disable maintenance mode in master app?

lookup

other

Detecting Remote Code Executions With the Splunk Threat Research Team

Enter the Splunk Community Dashboard Challenge for Your Chance to Win!

.conf24 | Session Scheduler is Live!!