This might help someone in the future who needs to use Curl.
To disable email for an alert
curl -k -u admin:pass https://splunkserver:8089/servicesNS/nobody/search/saved/searches/MyAlert1 -d "actions="
To enable email for an alert
curl -k -u admin:pass https://splunkserver:8089/servicesNS/nobody/search/saved/searches/MyAlert1 -d "actions=email"
This might help someone in the future who needs to use Curl.
To disable email for an alert
curl -k -u admin:pass https://splunkserver:8089/servicesNS/nobody/search/saved/searches/MyAlert1 -d "actions="
To enable email for an alert
curl -k -u admin:pass https://splunkserver:8089/servicesNS/nobody/search/saved/searches/MyAlert1 -d "actions=email"
Is a Splunk restart required after making this call?
@titleistfour does this apply if we are triggering alert notifications from Splunk through Microsoft outlook as well ? also if we disable during the maintenance ,do they get stored an trigger in bulk once we setup the connection after maintenance?
Looks like I just need to use the API to send
POST saved/searches/{name} with actions = rss for the parameters to disable.
POST saved/searches/{name} with actions = rss,email for the parameters to enable.
I think.
Jay