Alerting

Help me out how to download all the rules/usecases in splunk

mputtam
Path Finder

Hi community,

Currently we have 82 active rules/use cases in Splunk, and a few of them were disabled. I was trying to pull a report of all 82 rules, but I wasn't able to do it. I would request you to help me out on this...?

Thanks in advance,
Kishore. 


richgalloway
SplunkTrust

You don't say where you are finding 82, so I can't advise about the difference.

The status of each alert is in the "disabled" field.

---
If this reply helps you, Karma would be appreciated.

richgalloway
SplunkTrust

Start with this query then add a table command to display the fields you care about.

| rest /servicesNS/-/-/saved/searches splunk_server=local 
| search alert_type!="always" 

 

---
If this reply helps you, Karma would be appreciated.
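
An added example, not part of either reply above: the starting query extended with the "disabled" field from the other reply, so each alert is listed with its status, app, owner and sharing level. The output column names (app, owner, sharing, status, alerts_in_app) are chosen here for illustration; the `eai:acl.*` fields are returned by the saved/searches REST endpoint.

```spl
| rest /servicesNS/-/-/saved/searches splunk_server=local
| search alert_type!="always"
``` "disabled" comes back as 0 or 1; turn it into a readable status ```
| eval status=if(tostring(disabled)=="1", "disabled", "enabled")
``` keep the app/owner/sharing context so rows can be matched to what a given Settings view lists ```
| rename "eai:acl.app" AS app, "eai:acl.owner" AS owner, "eai:acl.sharing" AS sharing
``` per-app total, useful when the overall count differs from the number expected ```
| eventstats count AS alerts_in_app BY app
| table title app owner sharing status alerts_in_app cron_schedule alert_type actions
| sort app title
```

The result table can be saved as CSV with the Export button on the search page.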

mputtam
Path Finder

Hi @richgalloway

Thanks for getting back to me...!

The below-mentioned query is showing 182 rules, but I could see only 82 in the settings. Is there something we have to add..?
Can we get the status (i.e. enabled or disabled) on this...?

Thanks,
Kishore
