Hi,
I am currently using Splunk for SNMP Up/Down traps for interfaces.
We are currently alerting for each Up/Down alert that comes in via a log file and it's getting quite messy, as quite often an Up alert will come in as soon as the Down alert has triggered - creating many false-positives.
I'm looking for a method the would simulate the following:
If a linkDown event is received and a linkUp for the same device within 5 minutes = Do not alert
If a linkDown event is received and no linkUp event is received within 5 mintues = send alert.
↧