SPL
List of Alerts via REST
Description
The following Splunk search (query) will show a list of alerts within Splunk via the | rest call:
| rest /services/alerts/fired_alerts splunk_server=local | table eai:acl.owner eai:acl.app id title triggered_alert_count
Comments
2 total
For me, that didn't return any useful data (just one result) which wasn't an alert. The following appears to be a better suggested search:

| rest splunk_server=local /servicesNS/-/-/alerts/fired_alerts
Please can someone create me a search query that will show the highest source utilizing the license?