Using Forwarder Awareness, Forwarder Group owners can get alerts when Forwarders in the group go missing. However, when a machine has planned downtime, or when select Forwarders have known stability issues, it can be useful for Admins to disable alerting for particular Forwarders in a group to reduce alert fatigue and false positives. Follow these instructions to use the Disable Alert feature in Forwarder Awareness.
You must have Splunk admin permissions to follow these steps.
Review Current Alert Status
On Atlas Forwarder Awareness's home page, Forwarder Groups Overview, select the group that contains the Forwarder, or Forwarders, whose alert should be disabled. This will open the Forwarder Awareness Report dashboard.
Review the Forwarder Inventory table, and identify the Forwarder that should have its alerting disabled. Review the Alert column to see its current status.
Silent Bell: This Forwarder has its alert disabled. If the group is being monitored, Forwarder Awareness will not notify the Forwarder Group owner when it reports missing.
Ringing Bell: This Forwarder has its alert enabled. If the group is being monitored, Forwarder Awareness will notify the Forwarder Group owner when it reports missing. This is the default setting for all Forwarders.
Clicking the Bell icon will reload the page and switch the selected Forwarder from its current status to the other, enabling Splunk Admins to silence specific Forwarders so that they do not trigger the Forwarder Awareness Alert.
Forwarders that have their alerts disabled will still record their Up Time, and influence the Group Up Time with their behavior.
Disabling an Alert Example
Joey is expecting Forwarder machine001 to be brought down for maintenance this weekend as part of a system upgrade. Joey knows machine001 is part of Forwarder Group Alpha, which is alerting Joey when a Forwarder goes missing. To prevent any alerts from triggering on this planned outage, Joey navigates to group Alpha's Forwarder Awareness Report dashboard. Joey reviews the Forwarder Inventory table, and identifies machine001 in the list.
Joey recognizes that the Alert is enabled for machine001, so they select the bell icon, reloading the page and disabling the alert.
Now, when machine001 is brought down, Joey will not be notified. Of course, if any other machines in group Alpha go missing, Joey will still be notified! Joey should re-enable the alerting after the maintenance window has passed.