Forum Discussion
Yeah, it can be done, but the logic has to be built in somewhere.
Just to make sure I understand the ask: you have an event source that catches, for example, 20 different events. You want alerts on 19 of those events any time they happen. On the 20th event, you want alerts all the time, except from 2-2:30am daily.
So, you want to turn off the EventSource, but only for one event within all the events caught by that ES, and you only want to SDT it during a certain time of the day.
So, you can't build this on the EventSource level; otherwise, you'd ignore all 20 event types during that time. You can't just ignore that one event because if it occurs outside that time, you want it to generate an alert.
Your only option is to ignore it in the fetching of alerts. If the ES is not Groovy-based, it will need to be converted to Groovy in order to build the logic into the script to ignore that one event during that one time window.
What if you split out that one event from the 19 other events and had 2 ESs? That would be better than 20 ESs, but would allow you to leave most of the stuff handled normally. Then you'd have just the one ES to handle that one event and you could build logic into it to ignore the event during that daily timeframe.
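The time-window check described in this reply, as an added example that is not part of the original post and is not LogicMonitor's own code. The event ID, time zone, map field names and sample events are assumptions constructed for illustration; suppressed events are kept in a separate list so the quiet window stays auditable.

```groovy
import java.time.Instant
import java.time.LocalDateTime
import java.time.LocalTime
import java.time.ZoneId
import java.time.ZonedDateTime

// Assumed values: replace with the real event ID, window and site time zone.
def quietEventId = "EVENT_20"
def quietStart   = LocalTime.of(2, 0)
def quietEnd     = LocalTime.of(2, 30)
def siteZone     = ZoneId.of("America/Chicago")

// True when the instant falls inside the daily window, evaluated in the site's zone.
def inQuietWindow = { Instant when ->
    LocalTime t = when.atZone(siteZone).toLocalTime()
    if (quietStart <= quietEnd) {
        return t >= quietStart && t < quietEnd      // half-open: [start, end)
    }
    return t >= quietStart || t < quietEnd          // window that wraps past midnight
}

// Only the one event ID is ever suppressed; every other event always alerts.
def shouldAlert = { Map event ->
    !(event.id == quietEventId && inQuietWindow(event.happenedOn))
}

// Constructed sample events (not real data).
def at = { String local ->
    ZonedDateTime.of(LocalDateTime.parse(local), siteZone).toInstant()
}
def events = [
    [id: "EVENT_20", happenedOn: at("2024-03-05T02:10:00"), message: "quiet event inside window"],
    [id: "EVENT_20", happenedOn: at("2024-03-05T02:30:00"), message: "quiet event at window end"],
    [id: "EVENT_07", happenedOn: at("2024-03-05T02:10:00"), message: "other event inside window"],
    [id: "EVENT_20", happenedOn: at("2024-03-05T14:00:00"), message: "quiet event in the afternoon"],
]

// split() returns [matching, non-matching]: alerts to emit, and what was dropped.
def (alerts, suppressed) = events.split(shouldAlert)

assert alerts*.message == ["quiet event at window end",
                           "other event inside window",
                           "quiet event in the afternoon"]
assert suppressed*.message == ["quiet event inside window"]

alerts.each     { println "ALERT      ${it.happenedOn} ${it.id} ${it.message}" }
suppressed.each { println "SUPPRESSED ${it.happenedOn} ${it.id} ${it.message}" }
```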