https://community.splunk.com/t5/Alerting/Export-list-of-triggered-alerts/m-p/578350#M13313 <P>There's no single request to get that information.&nbsp; You can use a REST call to get a list of alerts that triggered and then use that to search the internal indexes for details.&nbsp; Perhaps this query will get you started.</P><LI-CODE lang="markup">index=_internal [ | rest /servicesNS/-/-/alerts/fired_alerts/ | rename title as savedsearch_name | return 1000 savedsearch_name] result_count!=0 | table savedsearch_name _time</LI-CODE> Tue, 14 Dec 2021 16:57:20 GMT richgalloway 2021-12-14T16:57:20Z https://community.splunk.com/t5/Alerting/Export-list-of-triggered-alerts/m-p/578314#M13312 <P>How do I export of list of triggered alerts in a CSV for a certain period of time from Splunk Cloud? This should be something like the view on the Activity&gt;Triggered Alerts screen? The important fields are triggered time and title of alert.</P><P>Thank you.</P> Tue, 14 Dec 2021 12:57:15 GMT https://community.splunk.com/t5/Alerting/Export-list-of-triggered-alerts/m-p/578314#M13312 ovidiupp 2021-12-14T12:57:15Z https://community.splunk.com/t5/Alerting/Export-list-of-triggered-alerts/m-p/578350#M13313 <P>There's no single request to get that information.&nbsp; You can use a REST call to get a list of alerts that triggered and then use that to search the internal indexes for details.&nbsp; Perhaps this query will get you started.</P><LI-CODE lang="markup">index=_internal [ | rest /servicesNS/-/-/alerts/fired_alerts/ | rename title as savedsearch_name | return 1000 savedsearch_name] result_count!=0 | table savedsearch_name _time</LI-CODE> Tue, 14 Dec 2021 16:57:20 GMT https://community.splunk.com/t5/Alerting/Export-list-of-triggered-alerts/m-p/578350#M13313 richgalloway 2021-12-14T16:57:20Z