Is there anyway to find the created timestamp of a... - Splunk Community

Alerting

is ther any way to find the created timestamp of an alert ?

@dilsheer, provided you have access you can try the following REST API call for getting the details for Triggered Alerts, including Triggered Time:

| rest /servicesNS/<ownerRole>/<yourSplunkAppName>/alerts/fired_alerts/<yourAlertNameURLEncoded>
| dedup "eai:acl.owner" "eai:acl.app" savedsearch_name
| search "eai:acl.owner"="<ownerRole>" "eai:acl.app"="<yourSplunkAppName>" savedsearch_name="<yourAlertNameAsIs>"
| table savedsearch_name "eai:acl.owner" "eai:acl.app" trigger_time id

Please find the Splunk Documentation for corresponding REST API: http://docs.splunk.com/Documentation/Splunk/latest/RESTREF/RESTsearch#alerts.2Ffired_alerts.2F.7Bnam...

PS:

While providing the Alert {Name} in REST, make sure you have it URL Encoded i.e. space becomes %20.
Obviously this endpoint will work only for Alerts that are Enabled.
Replace, <ownerRole>, <yourSplunkAppName>, <yourAlertNameURLEncoded> and <yourAlertNameAsIs> with what you have in your system.

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"

Get Updates on the Splunk Community!

A Season of Skills: New Splunk Courses to Light Up Your Learning Journey

There’s something special about this time of year—maybe it’s the glow of the holidays, maybe it’s the ...

Announcing the Migration of the Splunk Add-on for Microsoft Azure Inputs to ...

Announcing the Migration of the Splunk Add-on for Microsoft Azure Inputs to Officially Supported Splunk ...

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI! Discover how Splunk’s agentic AI ...