List of Alerts via REST

The following Splunk search (query) lists fired alerts within Splunk using the | rest command:

| rest /services/alerts/fired_alerts splunk_server=local | table eai:acl.owner eai:acl.app id title triggered_alert_count

Comments

  1. William Triest

    For me, that didn’t return any useful data (just one result) which wasn’t an alert. The following appears to be a better suggested search:

    | rest splunk_server=local /servicesNS/-/-/alerts/fired_alerts
