Splunk:限制警报
[英]Splunk: Throttling of alerts
问题描述
I have configured an alert which runs every ten minutes and is triggered if the number of events is bigger than zero.
我已经配置了一个警报,它每十分钟运行一次,如果事件数大于零就会触发。 I want this alert to be triggered or rather the mail for this alert to be sent only when it appears the first time.我希望触发此警报,或者更确切地说,仅在第一次出现时才发送此警报的邮件。 And the next email should then be sent if the alert condition is triggered for example one hour after the first mail.如果警报条件在第一封邮件后一小时触发,则应发送下一个 email。 So, what I did I checked the throttle box and chose as time frame there to suppress the next trigger for one hour.所以,我做了什么,我检查了油门盒,并选择在那里作为时间框架来抑制下一个触发器一小时。
What I want to achieve here is this for example: Alert condition was triggered at 8:00 am Additionally at 8:30 am, 8:55 am and at 9:05 am Then I would like to receive in total two alerts.例如,我想在这里实现的是:警报条件在上午 8:00 触发另外在上午 8:30、上午 8:55 和上午 9:05 然后我想总共收到两个警报。 One at 8:00 am and the other one at 9:10.上午 8:00 一个,另一个在 9:10。
Do I get exactly this by the configurations I described above?通过我上面描述的配置,我能得到这个吗?
1 个解决方案
解决方案1
2 已采纳 2021-01-20 12:34:51
Yes, that is what your throttling configuration will do.是的,这就是您的节流配置将执行的操作。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.