Sure, all it takes is a post to saved/searches
with the appropriate settings for the alert. That creates the search and the alert, they're contained in the same object.
http://docs.splunk.com/Documentation/Splunk/6.1.3/RESTAPI/RESTsearch#POST_saved.2Fsearches
Remember, as a basic rule anything possible through the regular Web UI can be done through the REST API because it's just another client of that very API.
@martin_mueller How to create an alert in Splunk using REST API using json payload in prod. ( I extracted JSON payload using REST from another splunk environment i.ie pre prod)
@martin_mueller is there a way to run an alert with the rest api ?
i can't find an example for that.
i can see that it is possible to see fired alerts or list of alert actions but how can i set an alert with the api ?
Sure, all it takes is a post to saved/searches
with the appropriate settings for the alert. That creates the search and the alert, they're contained in the same object.
http://docs.splunk.com/Documentation/Splunk/6.1.3/RESTAPI/RESTsearch#POST_saved.2Fsearches
Remember, as a basic rule anything possible through the regular Web UI can be done through the REST API because it's just another client of that very API.
Anything you can do through the Web UI can be done through the REST API. Look at the action.script.*
keys, set those and Splunk will run a script as an alert action.
Thanks. It appears that the only way to trigger a notification is via email? I don't see any way to run a script, which is how we integrate with our ticketing system.