topic How to create a simple alert using REST API in Splunk Dev

How to create a simple alert using REST API

Manware — Wed, 02 Mar 2022 17:39:01 GMT

Hi,

I am unable to create a simple alert using the following documentation.

As per documentation, the required parameters are Search and name.

Following code is written in Javascript

Here is my request:

const data = {
  "alert_comparator": "equal to",
  "alert_threshold": "0",
  "alert_type": "number of events",
  "cron_schedule": "*/1 * * * *",
  "search": "index%3D%22global-events-qa%22%20functionName%3D%22correspondence-service%22",
  "name": "Simple alert"
}
const response = await axios.post(' https://app.splunkcloud.com:8089/services/saved/searches',  data,{
    headers: { ...(await getAuth({region: 'ap-southeast-2'}))}
});

Here is the error:

Cannot perform action "POST" without a target name to act on.

Documentation Link: https://docs.splunk.com/Documentation/Splunk/latest/RESTREF/RESTsearch?_ga=2.62077416.557388192.1646109950-663789425.1628561939#saved.2Fsearches

It will be really great if you could share some working examples somewhere in your documentation.

Thanks in advance!

Re: create a simple alert using REST API

richgalloway — Wed, 02 Mar 2022 14:19:08 GMT

The linked documentation does have examples. Click on the [Expand] link then scroll past the argument tables to find the examples.

The example for creating a search uses a name without spaces. I wonder if that will make a difference.

Re: How to create a simple alert using REST API

Manware — Thu, 03 Mar 2022 05:46:27 GMT

Thanks @richgalloway . I saw that example before. that's curl + XML. I was looking for an example with a json format.

After fiddling with it for some time, I came to know that the 'data' in above request has to be url encoded. then it worked fine.

cheers