topic Re: expose alerts with API in Alerting

expose alerts with API

sarit_s — Sun, 02 Feb 2020 17:31:12 GMT

Hello

How can I expose alerts using the API ?
i've created a saved searches.

thanks

Re: expose alerts with API

harsmarvania57 — Mon, 03 Feb 2020 15:00:17 GMT

Can you please provide some more info ? What you want to do with alerts using REST API For example: Modify or Run ?

Re: expose alerts with API

sarit_s — Mon, 03 Feb 2020 15:02:30 GMT

run. the same as it will be with the console

Re: expose alerts with API

harsmarvania57 — Mon, 03 Feb 2020 15:05:41 GMT

Have a look at Splunk SDK document https://dev.splunk.com/enterprise/docs/python/sdk-python/howtousesplunkpython/howtorunsearchespython/ (SDK available in Python, C#, Java & Javascript)

Re: expose alerts with API

sarit_s — Mon, 03 Feb 2020 15:12:57 GMT

thanks, it is an interesting option but it is not what im looking for.
i need to run it with some tool like postman

Re: expose alerts with API

harsmarvania57 — Mon, 03 Feb 2020 15:19:13 GMT

Have a look at Job Export REST API https://docs.splunk.com/Documentation/Splunk/8.0.1/RESTREF/RESTsearch#search.2Fjobs.2Fexport and old answer https://answers.splunk.com/answers/596185/doing-search-through-rest-api-using-postman-giving.html

Re: expose alerts with API

sarit_s — Mon, 03 Feb 2020 15:27:40 GMT

thanks. i already read it. maybe im missing something but it is not working

Re: expose alerts with API

harsmarvania57 — Mon, 03 Feb 2020 15:30:01 GMT

In that case you need to provide more details, what have you tried (Like which REST API are you using with search query), what errors are you getting.

Re: expose alerts with API

sarit_s — Mon, 03 Feb 2020 15:50:12 GMT

i don't see an option to run the alert. i see an option to see the fired alerts or alerts actions.
get you please give me an example of how to run an alert ? even from command line

Re: expose alerts with API

harsmarvania57 — Tue, 04 Feb 2020 09:07:56 GMT

I don't have postman installed so can't give you postman example but if you look at documentation https://docs.splunk.com/Documentation/Splunk/8.0.1/RESTREF/RESTsearch#search.2Fjobs.2Fexport, they have provided below example

curl -k -u admin:password https://splunkserver:8089/services/search/jobs/export -d search="savedsearch \ MySavedSearch%20host%3Dwolverine*"

Additionally have a look at https://docs.splunk.com/Documentation/Splunk/8.0.1/RESTTUT/RESTsearches

Re: expose alerts with API

sarit_s — Tue, 04 Feb 2020 11:49:28 GMT

im getting this error :

curl: (6) Could not resolve host: splunkserver

Re: expose alerts with API

harsmarvania57 — Tue, 04 Feb 2020 14:55:01 GMT

You need to replace splunkserver with your actual splunk server hostname or ip address.

Re: expose alerts with API

sarit_s — Tue, 04 Feb 2020 17:05:46 GMT

ohhh oopssss
but anyway, im getting an error:
this is my command:

curl -k -u admin:1qaz@wsx https://localhost:8089/services/search/jobs/export -d search="savedsearch \ DeletedLuckyCart"

this is the error :

Error in 'savedsearch' command: Unable to find saved search named '\'.