Alerting

How to submit a search and setup associated alert via Splunk REST API?

a212830
Champion

Hi,

Is there any way to submit a search and setup an associated alert with it, via Splunk's REST API?

Tags (2)
1 Solution

martin_mueller
SplunkTrust
SplunkTrust

Sure, all it takes is a post to saved/searches with the appropriate settings for the alert. That creates the search and the alert, they're contained in the same object.

http://docs.splunk.com/Documentation/Splunk/6.1.3/RESTAPI/RESTsearch#POST_saved.2Fsearches

Remember, as a basic rule anything possible through the regular Web UI can be done through the REST API because it's just another client of that very API.

View solution in original post

nilendra19888
Explorer

@martin_mueller How to create an alert in Splunk using REST API using json payload in prod. ( I extracted JSON payload using REST from another splunk environment i.ie pre prod)

0 Karma

sarit_s
Communicator

@martin_mueller is there a way to run an alert with the rest api ?
i can't find an example for that.
i can see that it is possible to see fired alerts or list of alert actions but how can i set an alert with the api ?

0 Karma

martin_mueller
SplunkTrust
SplunkTrust

Sure, all it takes is a post to saved/searches with the appropriate settings for the alert. That creates the search and the alert, they're contained in the same object.

http://docs.splunk.com/Documentation/Splunk/6.1.3/RESTAPI/RESTsearch#POST_saved.2Fsearches

Remember, as a basic rule anything possible through the regular Web UI can be done through the REST API because it's just another client of that very API.

martin_mueller
SplunkTrust
SplunkTrust

Anything you can do through the Web UI can be done through the REST API. Look at the action.script.* keys, set those and Splunk will run a script as an alert action.

0 Karma

a212830
Champion

Thanks. It appears that the only way to trigger a notification is via email? I don't see any way to run a script, which is how we integrate with our ticketing system.

0 Karma
Get Updates on the Splunk Community!

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Splunk Education believes in the value of training and certification in today’s rapidly-changing data-driven ...

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

As security threats and their complexities surge, security analysts deal with increased challenges and ...

Observability Highlights | January 2023 Newsletter

 January 2023New Product Releases Splunk Network Explorer for Infrastructure MonitoringSplunk unveils Network ...