This app Alert Timing Optimization Scheduler provides a method for evaluating how alert and saved searches scheduling affects a Splunk Enterprise System by reading the CRON settings in the savedsearch.conf file where alert setting are stored and producing a timing list of when the alerts will be run.
In addition a new BALANCED savedsearch.conf file will be written LOCALLY in the app for a user to download and install in their Splunk Enterprise system if desired.
A balanced savedsearches.conf file will have the alerts and saved searches all running hourly using each of the 60 minutes in the hour to host an alert or alerts in the most resource conserving manner as possible.
If your Splunk Enterprise system is MISSING or SKIPPING alerts then this app is essential and will allow you to evaluate your alert schedule and optionally install a new balanced savedsearches.conf file which retains all of your alert settings. Just the timing is set to hourly for all your alerts. This will save you DAYS of using the mouse and Splunk GUI to reschedule your alerts.
Give this app a try.
At least list out your alert schedule to an easily readable .csv file.
Install this app and run
| tunealerts help
for more info
Splunk AppInspect evaluates Splunk apps against a set of Splunk-defined criteria to assess the validity and security of an app package and components.
As a Splunkbase app developer, you will have access to all Splunk development resources and receive a 50GB license to build an app that will help solve use cases for customers all over the world. Splunkbase has 1000+ apps and add-ons from Splunk, our partners and our community. Find an app or add-on for most any data source and user need, or simply create your own with help from our developer portal.