List of Alerts via REST

ItsJohnLocke

The following Splunk search (query) will show a list of alerts within Splunk via the | rest call:

| rest /services/alerts/fired_alerts splunk_server=local | table eai:acl.owner eai:acl.app id title triggered_alert_count

2 Comments

William Triest, January 11, 2019 at 1:26 pm

For me, that didn’t return any useful data (just one result) which wasn’t an alert. The following appears to be a better suggested search:

| rest splunk_server=local /servicesNS/-/-/alerts/fired_alerts

Tebz Isea, December 4, 2020 at 8:20 am

Please can someone create me a search query that will show the highest source utilizing the license?