Alerting
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Bulk alert description update

soofz
New Member
‎12-09-2019 05:20 AM

I have about 50 splunk alerts with various descriptions. I would like to update the description by adding the word Splunk to the beginning of the description. Is there a way to accomplish this without going into the UI for each alert and renaming the alert?

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎12-09-2019 06:03 AM

You can use your favorite text editor to modify the appropriate savedsearches.conf file then restart Splunk. The file to modify depends on the app in which your alerts are defined. It will be $SPLUNK_HOME/etc/apps/myapp/local/savedsearches.conf.

---
If this reply helps you, Karma would be appreciated.
Reply

soofz
New Member
‎12-11-2019 03:58 AM

Thanks for your answer @richgalloway

Please forgive my ignorance, still new to the Splunk world.
I have been reading up about your suggestion. Just like to confirm my approach...

Am I correct to say I need to add the following to my savedsearch.conf file...

alert.name = "Splunk $name"

And after this update would I need to update any metadata files?

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎12-12-2019 04:53 AM

Your savedsearches.conf file should already contain alert.name attributes. You only need to modify those values to suit your needs. There is no need to update the metadata files.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

The OpenTelemetry Certified Associate (OTCA) Exam

What’s this OTCA exam? The Linux Foundation offers the OpenTelemetry Certified Associate (OTCA) credential to ...

From Manual to Agentic: Level Up Your SOC at Cisco Live

Welcome to the Era of the Agentic SOC   Are you tired of being a manual alert responder? The security ...

Splunk Classroom Chronicles: Training Tales and Testimonials (Episode 4)

Welcome back to Splunk Classroom Chronicles, our ongoing series where we shine a light on what really happens ...