Hi,
I wondered if anybody had created a dashboard which shows information about triggered events. Like stats that you would expect from a service desk.
Thanks
There are several ways to accomplish this.
First, there is an out of box Alerts console that may provide a solution or inspire a customization.
The fired alerts REST endpoint can provide information too. Example of querying that endpoint using Splunk search language:
| rest /services/alerts/fired_alerts splunk_server=local| table eai:acl.owner eai:acl.app id title triggered_alert_count
Audit.log is another place from which you can derive information. Sample entry of fired alert:
03-04-2014 00:20:01.515 -0500 INFO AuditLogger - Audit:[timestamp=03-04-2014 00:20:01.515, user=admin, action=alert_fired, ss_user="admin", ss_app="search", ss_name="test", sid="scheduler__admin__search__test_at_1393910400_4278", alert_actions="", severity=2, trigger_time=1393910401, expiration=1393996801, digest_mode=1, triggered_alerts=1][n/a]
@bwooden the fired alerts REST endpoint works very well but how I can I restrict the time range? It doesn't respond to time range picker.