Solved: How to use a Splunk API to retrieve results of a t...

worldexplorer81 · ‎09-20-2022

Hi,

I have set up an alert and under Actions, I have added 'Add to triggered Alerts'.

I would like to be able to use an API to retrieve the actual results of a specific triggered alert (Example, get the results of the alert triggered at 17.43.

I am using alerts/fired_alerts/<alert_name> but it just gives me the list of trigger history.

Is it possible to be able to retrieve the actual results? Preferably in JSON

richgalloway · ‎09-21-2022

The fired_alerts response will include a search ID (sid), which you then can use in the search/jobs/{search_id}/results API call to get the search results.

---
If this reply helps you, Karma would be appreciated.

View solution in original post

richgalloway · ‎09-21-2022

The fired_alerts response will include a search ID (sid), which you then can use in the search/jobs/{search_id}/results API call to get the search results.

---
If this reply helps you, Karma would be appreciated.

How to use a Splunk API to retrieve results of a triggered alert?

alert action

Building Reliable Asset and Identity Frameworks in Splunk ES

Cloud Monitoring Console - Unlocking Greater Visibility in SVC Usage Reporting

Automatic Discovery Part 3: Practical Use Cases

Are you a member of the Splunk Community?

How to use a Splunk API to retrieve results of a triggered alert?

alert action

Building Reliable Asset and Identity Frameworks in Splunk ES

Cloud Monitoring Console - Unlocking Greater Visibility in SVC Usage Reporting

Automatic Discovery Part 3: Practical Use Cases