Alerting

Dashboard for Triggered Alerts

j666gak
Communicator

Hi,

I wondered if anybody had created a dashboard which shows information about triggered events, like the stats you would expect from a service desk.

Thanks


bwooden
Splunk Employee

There are several ways to accomplish this.

First, there is an out-of-the-box Alerts console that may provide a solution or inspire a customization.

The fired alerts REST endpoint can provide information too. Example of querying that endpoint using Splunk search language:

| rest /services/alerts/fired_alerts splunk_server=local | table eai:acl.owner eai:acl.app id title triggered_alert_count

audit.log is another place from which you can derive information. Sample entry for a fired alert:

03-04-2014 00:20:01.515 -0500 INFO  AuditLogger - Audit:[timestamp=03-04-2014 00:20:01.515, user=admin, action=alert_fired, ss_user="admin", ss_app="search", ss_name="test", sid="scheduler__admin__search__test_at_1393910400_4278", alert_actions="", severity=2, trigger_time=1393910401, expiration=1393996801, digest_mode=1, triggered_alerts=1][n/a]
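The audit.log entry above is a bracketed key=value record, so a small parser can turn a file of such lines into the service-desk style numbers the question asks for: firings per alert, per app, per owner and per severity, plus a time window on the epoch trigger_time field. The Python below is an added example, not bwooden's code and not anything shipped with Splunk; the sample lines are constructed to follow the format of the entry above, and the field names (action, ss_name, ss_app, ss_user, severity, trigger_time, triggered_alerts) are taken from that entry.

```python
import re
from collections import Counter
from datetime import datetime, timezone

# Constructed sample audit.log lines (hypothetical data), laid out in the
# same format as the fired-alert entry quoted in the answer above.
SAMPLE_AUDIT_LINES = [
    '03-04-2014 00:20:01.515 -0500 INFO  AuditLogger - Audit:[timestamp=03-04-2014 00:20:01.515, '
    'user=admin, action=alert_fired, ss_user="admin", ss_app="search", ss_name="test", '
    'sid="scheduler__admin__search__test_at_1393910400_4278", alert_actions="", severity=2, '
    'trigger_time=1393910401, expiration=1393996801, digest_mode=1, triggered_alerts=1][n/a]',
    '03-04-2014 01:05:00.101 -0500 INFO  AuditLogger - Audit:[timestamp=03-04-2014 01:05:00.101, '
    'user=admin, action=alert_fired, ss_user="admin", ss_app="search", ss_name="failed_logins", '
    'sid="scheduler__admin__search__failed_logins_at_1393913100_4301", alert_actions="email", '
    'severity=4, trigger_time=1393913101, expiration=1393999501, digest_mode=1, triggered_alerts=1][n/a]',
    '03-04-2014 01:10:00.222 -0500 INFO  AuditLogger - Audit:[timestamp=03-04-2014 01:10:00.222, '
    'user=soc, action=alert_fired, ss_user="soc", ss_app="security", ss_name="failed_logins", '
    'sid="scheduler__soc__security__failed_logins_at_1393913400_4310", alert_actions="email", '
    'severity=4, trigger_time=1393913401, expiration=1393999801, digest_mode=1, triggered_alerts=3][n/a]',
    # A non-alert audit record (constructed) to show that other actions are skipped.
    "03-04-2014 01:12:00.000 -0500 INFO  AuditLogger - Audit:[timestamp=03-04-2014 01:12:00.000, "
    "user=admin, action=search, info=granted, search_id='1393913520.1', search='search index=main'][n/a]",
]

# "Audit:[ ...key=value pairs... ][result]" at the end of the line.
AUDIT_RE = re.compile(r"Audit:\[(?P<body>.*)\]\[(?P<result>[^\]]*)\]\s*$")
# One key=value pair; values may be double-quoted, single-quoted or bare.
KV_RE = re.compile(r"""(?P<key>[\w:.]+)=(?P<val>"[^"]*"|'[^']*'|[^,\]]*)""")


def parse_audit_line(line):
    """Return the audit record's fields as a dict, or None if the line is
    not an AuditLogger entry. Quotes around values are stripped."""
    m = AUDIT_RE.search(line)
    if not m:
        return None
    fields = {}
    for kv in KV_RE.finditer(m.group("body")):
        val = kv.group("val")
        if len(val) >= 2 and val[0] == val[-1] and val[0] in "\"'":
            val = val[1:-1]
        fields[kv.group("key")] = val
    fields["_result"] = m.group("result")
    return fields


def fired_alerts(lines, start=None, end=None):
    """Yield the parsed alert_fired records, optionally restricted to the
    inclusive epoch-second window [start, end] on trigger_time."""
    for line in lines:
        rec = parse_audit_line(line)
        if not rec or rec.get("action") != "alert_fired":
            continue
        t = int(rec["trigger_time"])
        if start is not None and t < start:
            continue
        if end is not None and t > end:
            continue
        yield rec


def service_desk_stats(lines, start=None, end=None):
    """Aggregate fired alerts into the kind of figures a service-desk
    dashboard would show."""
    recs = list(fired_alerts(lines, start, end))
    times = [int(r["trigger_time"]) for r in recs]
    to_iso = lambda t: datetime.fromtimestamp(t, timezone.utc).isoformat()
    return {
        "total_firings": len(recs),
        # triggered_alerts is the number of results that tripped the alert
        "total_triggered_results": sum(int(r.get("triggered_alerts", 0)) for r in recs),
        "by_alert": Counter(r["ss_name"] for r in recs),
        "by_app": Counter(r["ss_app"] for r in recs),
        "by_owner": Counter(r["ss_user"] for r in recs),
        "by_severity": Counter(int(r["severity"]) for r in recs),
        "first_trigger": to_iso(min(times)) if times else None,
        "last_trigger": to_iso(max(times)) if times else None,
    }


if __name__ == "__main__":
    for name, value in service_desk_stats(SAMPLE_AUDIT_LINES).items():
        print(f"{name}: {value}")
    print("since 01:03 UTC-5:", service_desk_stats(SAMPLE_AUDIT_LINES, start=1393913000)["total_firings"])
```

On a real system, feed the function the lines of $SPLUNK_HOME/var/log/splunk/audit.log (or the output of a search over index=_audit) instead of the constructed sample; the time window on trigger_time gives the restriction that the fired_alerts REST endpoint does not take from the time range picker.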

electronicbat
New Member

@bwooden the fired alerts REST endpoint works very well, but how can I restrict the time range? It doesn't respond to the time range picker.
