topic Re: how to search for no. of active alerts through search and Reporting in Dashboards & Visualizations

how to search for no. of active alerts through search and Reporting

priyankara — Wed, 30 Oct 2019 12:29:21 GMT

I am trying to search for the no. of active alerts which are there is the system for my index and sources by splunk query language to be run on Search and Reporting App, how can I go about this ?

Re: how to search for no. of active alerts through search and Reporting

kamlesh_vaghela — Wed, 30 Oct 2019 12:45:15 GMT

@priyankara

You can use rest command for having a list of savedsearches and other details.

https://docs.splunk.com/Documentation/Splunk/8.0.0/SearchReference/Rest

You can use below search for reference. You need to modify as per your requirement. This search will list all the enabled savedsearches.

| rest /servicesNS/-/-/saved/searches splunk_server=local | search disabled=0

UPDATED:

Please try this search.

| rest /servicesNS/-/-/saved/searches splunk_server=local 
| search "alert.suppress" IN (1,0) AND  disabled=0 
| table title disabled "eai:acl.app" "eai:acl.owner" search

Thanks

Re: how to search for no. of active alerts through search and Reporting

priyankara — Thu, 31 Oct 2019 03:10:12 GMT

@kamlesh_vaghela
Thanks Kamlesh but I am looking for a query to get the active alerts which are active in the system.

Re: how to search for no. of active alerts through search and Reporting

kamlesh_vaghela — Thu, 31 Oct 2019 04:30:02 GMT

@priyankara

Please check my UPDATED answer.