Find the historical execution of alerts and sendin...

Alerting

Hi everyone,

I am searching a way to have a list of every alert (sending email) goes along with: schedule (cron), last run, send email (sent or not)

Until now I can find this list of info but still not success to have the last run and send email

|rest/servicesNS/-/App_name/saved/searches
| fields title disabled actions alert.severity cron_schedule action.email.to action.email.bcc is_schedule max_concurrent next_schedule_time run_n_times
| where disabled=0 
|where actions="email"
|table title cron_schedule action.email.to action.email.bcc is_schedule max_concurrent next_schedule_time run_n_times

Anyone has an idea, please?

Thanks in advanced!

Get Updates on the Splunk Community!

Observability Newsletter Highlights | March 2023

March 2023 | Check out the latest and greatestSplunk APM's New Tag Filter ExperienceSplunk APM has updated ...

Security Newsletter Updates | March 2023

March 2023 | Check out the latest and greatestUnify Your Security Operations with Splunk Mission Control The ...

Platform Newsletter Highlights | March 2023

March 2023 | Check out the latest and greatestIntroducing Splunk Edge Processor, simplified data ...