Find the historical execution of alerts and sendin...

Alerting

Hi everyone,

I am searching a way to have a list of every alert (sending email) goes along with: schedule (cron), last run, send email (sent or not)

Until now I can find this list of info but still not success to have the last run and send email

|rest/servicesNS/-/App_name/saved/searches
| fields title disabled actions alert.severity cron_schedule action.email.to action.email.bcc is_schedule max_concurrent next_schedule_time run_n_times
| where disabled=0 
|where actions="email"
|table title cron_schedule action.email.to action.email.bcc is_schedule max_concurrent next_schedule_time run_n_times

Anyone has an idea, please?

Thanks in advanced!

Get Updates on the Splunk Community!

Tips & Tricks When Using Ingest Actions

Tune in to learn about:Large scale architecture when using Ingest ActionsRegEx performance considerations ...

Announcing Our Splunk MVPs

We are excited to announce the first cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...

Dashboard Studio Challenge - Learn New Tricks, Showcase Your Skills, and Win Prizes!

Reimagine what you can do with your dashboards. Dashboard Studio is Splunk’s newest dashboard builder to ...