Help me out how to download all the rules/usecases in splunk

mputtam
Path Finder

Hi community,

Currently we have 82 active rules/use cases in Splunk, and a few of them are disabled. I was trying to pull a report of all the 82 rules but I wasn't able to. I would request you to help me out on this...?

Thanks in advance,
Kishore. 

0 Karma

richgalloway
SplunkTrust

You don't say where you are finding 82, so I can't advise about the difference.

The status of each alert is in the "disabled" field.

---
If this reply helps you, Karma would be appreciated.
0 Karma

richgalloway
SplunkTrust

Start with this query, then add a table command to display the fields you care about.

| rest /servicesNS/-/-/saved/searches splunk_server=local
| search alert_type!="always"

---
If this reply helps you, Karma would be appreciated.
0 Karma

mputtam
Path Finder

Hi @richgalloway,

Thanks for your reply...!

The below-mentioned query is showing 182 rules, but I can only see 82 in the settings. Is there something we have to add...?
Can we get the status (i.e. enabled or disabled) on this...?

Thanks,
Kishore

0 Karma
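The `| rest /servicesNS/-/-/saved/searches` query in the reply above reads the same endpoint that the Splunk REST API exposes over HTTPS, so the same inventory can be pulled from outside the search bar and written to a file. The script below is an added example for this thread, not code from any of the posters or from Splunk: it calls `GET /servicesNS/-/-/saved/searches?output_mode=json&count=0`, drops entries whose `alert_type` is `always` (plain reports with no alert condition, the same filter as `alert_type!="always"`), records the `disabled` flag the earlier reply points to as enabled/disabled status, and keeps the app, owner and sharing namespace of each object so that a count per app can be compared against what the Settings page shows. The hostname, the bearer token and the JSON response embedded at the bottom are constructed assumptions; the response mirrors the shape of a real `output_mode=json` reply (an `entry` list with `name`, `acl` and `content`). One caveat worth checking before chasing the 182-versus-82 gap: the `-/-` namespace returns saved searches from every app and every owner, while the Settings page filters by the current app and owner by default.

```python
"""Export Splunk alerts (saved searches with an alert condition) to CSV.

Added example, not code from the original thread. Uses the same REST
endpoint as the SPL `| rest /servicesNS/-/-/saved/searches` command.
Host, token and SAMPLE_RESPONSE are constructed assumptions.
"""
import csv
import io
import json
import ssl
import urllib.request
from collections import Counter

CSV_FIELDS = ["title", "app", "owner", "sharing", "status",
              "alert_type", "cron_schedule", "search"]


def fetch_saved_searches(base_url, token):
    """Fetch every saved search in every app/owner namespace (assumed
    base_url like https://splunk.example.com:8089 and a bearer token
    with read access to saved/searches; count=0 disables paging)."""
    url = f"{base_url}/servicesNS/-/-/saved/searches?output_mode=json&count=0"
    req = urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})
    ctx = ssl.create_default_context()  # keep certificate validation on
    with urllib.request.urlopen(req, context=ctx) as resp:
        return json.load(resp)


def summarize(payload, only_alerts=True):
    """Flatten the REST JSON into one row per saved search.

    alert_type == "always" means the search has no alert condition, i.e.
    it is a report; with only_alerts=True those are skipped, matching
    `| search alert_type!="always"` in the thread's query."""
    rows = []
    for entry in payload["entry"]:
        content = entry["content"]
        alert_type = content.get("alert_type", "always")
        if only_alerts and alert_type == "always":
            continue
        rows.append({
            "title": entry["name"],
            "app": entry["acl"]["app"],
            "owner": entry["acl"]["owner"],
            "sharing": entry["acl"]["sharing"],
            # The `disabled` field carries the enabled/disabled status.
            "status": "disabled" if content.get("disabled") else "enabled",
            "alert_type": alert_type,
            "cron_schedule": content.get("cron_schedule", ""),
            "search": content.get("search", ""),
        })
    return rows


def count_by(rows, key):
    """Count rows per value of `key`, e.g. per app or per status, so the
    REST total can be reconciled against the Settings page filters."""
    return dict(Counter(row[key] for row in rows))


def to_csv(rows):
    """Render rows as CSV text (header first), ready to write to a file."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=CSV_FIELDS)
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()


# Constructed sample response in the shape of output_mode=json.
SAMPLE_RESPONSE = {
    "entry": [
        {"name": "Brute Force Login Attempts",
         "acl": {"app": "search", "owner": "admin", "sharing": "app"},
         "content": {"disabled": False, "alert_type": "number of events",
                     "cron_schedule": "*/15 * * * *",
                     "search": "index=auth action=failure | stats count by src | where count > 20"}},
        {"name": "Privileged Group Membership Change",
         "acl": {"app": "search", "owner": "admin", "sharing": "app"},
         "content": {"disabled": True, "alert_type": "custom",
                     "cron_schedule": "0 * * * *",
                     "search": "index=wineventlog EventCode=4728 OR EventCode=4732"}},
        {"name": "Weekly License Usage",
         "acl": {"app": "search", "owner": "admin", "sharing": "global"},
         "content": {"disabled": False, "alert_type": "always",
                     "cron_schedule": "0 6 * * 1",
                     "search": "index=_internal source=*license_usage.log | timechart span=1d sum(b)"}},
        {"name": "Suspicious Encoded PowerShell",
         "acl": {"app": "my_detections", "owner": "nobody", "sharing": "global"},
         "content": {"disabled": True, "alert_type": "number of events",
                     "cron_schedule": "0 * * * *",
                     "search": "index=endpoint process=powershell.exe EncodedCommand"}},
    ]
}

if __name__ == "__main__":
    # Offline run on the constructed sample; swap in fetch_saved_searches()
    # with your management URL and token for a live export.
    rows = summarize(SAMPLE_RESPONSE)
    print(count_by(rows, "app"), count_by(rows, "status"))
    print(to_csv(rows))
```

Run with `summarize(fetch_saved_searches("https://splunk.example.com:8089", token))` against a live instance; the per-app counts from `count_by` are the quickest way to see which apps contribute rules that the Settings view hides under its default app filter.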