List of Alerts via REST

The following Splunk search (query) will show a list of alerts within Splunk via the | rest call:

Share This:
Tagged:

Comments

  1. William Triest

    For me, that didn’t return any useful data (just one result) which wasn’t an alert. The following appears to be a better suggested search:

    | rest splunk_server=local /servicesNS/-/-/alerts/fired_alerts

Leave A Comment?