Hi. I am trying to create real-time alerts using splunk REST API by using https://localhost:8089/services/saved/searches?output_mode=json POST API with the following parameters :-
- alert_type = always
- is_scheduled = 1
- cron_schedule = * * * * *
- alert_comparator = greater than
- alert_threshold = 0
- search = index=*
- name = Demo-alert-test
- actions = webhook
- action.webhook.param.url = my-webhook-url
- allow_skew = 0
With the help of these parameters, I am only generating alerts with cron scheduling. Is there any way to create alerts for real time scheduling. Need Good suggestions. Thanks!
