Solved: How to make a quick monthly report of all triggere...

RonWonkers · ‎01-19-2024

Under "Activity" you have "Triggered Alerts" but I cant seem to make an easy to read overview/email a PDF with these numbers.

I would like to create a report of the following:

In previous month the following alerts were triggered:

Use case 1: 15 alerts

Use case 2: 10 alerts

Use case 3: 3 alerts

Use case 4: 0 alerts

I can make this manually in a dashboard but it will take a long time to do when you have 100+ use cases ..

Anybody have any insights on how to create this quickly in a (scheduled) report for the previous month?

richgalloway · ‎01-19-2024

You should be able to build a report around the REST command

| rest splunk_server=local /servicesNS/-/-/alerts/fired_alerts

---
If this reply helps you, Karma would be appreciated.

RonWonkers · ‎01-22-2024

Thanks, I can work with this!

richgalloway · ‎01-19-2024

You should be able to build a report around the REST command

| rest splunk_server=local /servicesNS/-/-/alerts/fired_alerts

---
If this reply helps you, Karma would be appreciated.

How to make a quick monthly report of all triggered alerts?