Solved: Is there an easy way to use the REST API to disabl...

titleistfour · ‎01-14-2015

Hello,

Is there an easy way to use the API to disable Splunk alerts during a maintenance window? Say for instance, disable the Send Email action for the alert via Rest API.

Any suggestions?

Thanks,
Jay

titleistfour · ‎01-14-2015

This might help someone in the future who needs to use Curl.

To disable email for an alert
curl -k -u admin:pass https://splunkserver:8089/servicesNS/nobody/search/saved/searches/MyAlert1 -d "actions="

To enable email for an alert
curl -k -u admin:pass https://splunkserver:8089/servicesNS/nobody/search/saved/searches/MyAlert1 -d "actions=email"

View solution in original post

titleistfour · ‎01-14-2015

This might help someone in the future who needs to use Curl.

To disable email for an alert
curl -k -u admin:pass https://splunkserver:8089/servicesNS/nobody/search/saved/searches/MyAlert1 -d "actions="

To enable email for an alert
curl -k -u admin:pass https://splunkserver:8089/servicesNS/nobody/search/saved/searches/MyAlert1 -d "actions=email"

pretzel2 · ‎12-18-2017

Is a Splunk restart required after making this call?

srisplunk12 · ‎03-29-2017

@titleistfour does this apply if we are triggering alert notifications from Splunk through Microsoft outlook as well ? also if we disable during the maintenance ,do they get stored an trigger in bulk once we setup the connection after maintenance?

titleistfour · ‎01-14-2015

Looks like I just need to use the API to send

POST saved/searches/{name} with actions = rss for the parameters to disable.
POST saved/searches/{name} with actions = rss,email for the parameters to enable.

I think.

Jay

Is there an easy way to use the REST API to disable Splunk alerts during a maintenance window?

Don't wait! Accept the Mission Possible: Splunk Adoption Challenge Now and Win ...

Unify Your SecOps with Splunk Mission Control

Data Preparation Made Easy: SPL2 for Edge Processor