This search shows all the alerts that where triggered in your splunk environment:
index=_audit action=alert_fired ss_app=* | eval ttl=expiration-now() | search ttl>0 | convert ctime(trigger_time) | table trigger_time ss_name severity | rename trigger_time as "Alert Time" ss_name as "Alert Name" severity as "Severity"
This only measures triggered alerts though, no? If you do not have an action set to trigger a “Triggered Alert”, this won’t give back correct stats.
I re-read the title and got the right context for it now. Ty.