Alerting

How to make a quick monthly report of all triggered alerts?

RonWonkers
Path Finder

Under "Activity" you have "Triggered Alerts" but I can't seem to make an easy to read overview/email a PDF with these numbers.

I would like to create a report of the following:

In previous month the following alerts were triggered:

Use case 1: 15 alerts

Use case 2: 10 alerts

Use case 3: 3 alerts

Use case 4: 0 alerts

I can make this manually in a dashboard but it will take a long time to do when you have 100+ use cases...

Anybody have any insights on how to create this quickly in a (scheduled) report for the previous month?


richgalloway
SplunkTrust
SplunkTrust

You should be able to build a report around the REST command

| rest splunk_server=local /servicesNS/-/-/alerts/fired_alerts
---
If this reply helps you, Karma would be appreciated.

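The following search is an added example built on the REST command above; it is not part of richgalloway's reply. It assumes that appending `/-` to the `fired_alerts` endpoint returns one row per triggered alert with a `savedsearch_name` field and an epoch `trigger_time`, and that saved searches tracked under "Triggered Alerts" carry `alert.track=1`. It counts last month's triggers per alert and appends every tracked alert with a count of 0, so use cases that never fired still appear in the report (the "0 alerts" line from the question).

```spl
| rest splunk_server=local /servicesNS/-/-/alerts/fired_alerts/-
| where trigger_time >= relative_time(now(), "-1mon@mon") AND trigger_time < relative_time(now(), "@mon")
| stats count AS triggered BY savedsearch_name
| append
    [| rest splunk_server=local /servicesNS/-/-/saved/searches search="alert.track=1"
     | fields title
     | rename title AS savedsearch_name
     | eval triggered=0]
| stats max(triggered) AS triggered BY savedsearch_name
| sort - triggered
| rename savedsearch_name AS "Use case", triggered AS "Alerts"
```

Save it as a report, schedule it for the first day of each month, and add the PDF/email action to get the overview in the inbox. One caveat to check before trusting the numbers: the Triggered Alerts list only holds a record until the alert's "Expires" setting runs out (24 hours by default), so this endpoint will undercount a whole month unless every alert's expiration is raised to at least 30 days. If that is not an option, the scheduler log keeps a full history of triggered runs and can feed the same `stats count BY savedsearch_name` logic, for example `index=_internal sourcetype=scheduler status=success alert_actions!="" earliest=-1mon@mon latest=@mon`.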

RonWonkers
Path Finder

Thanks, I can work with this!
