I am currently managing 50 alerts and this number will multiply in the next couple of weeks. Editing my alerts is cumbersome. If I want to change a common property, I have to change every single instance by itself. Is there a way to change an alert property like its permissions, or triggers, for multiple alerts at a time?
I have looked at "Alert Manager", but it seems to be tailored to managing incidents, not the actual alerts in of itself.
If you have access to the file system, you could make bulk changes to saved searches through the config files.
Permissions can be found in [$SPLUNK_HOME$]\etc\apps\[your app]\metadata\local.meta. The admin manual page is here
All other search attributes (action, email, search string, etc.) can be found in [$SPLUNK_HOME$]\etc\apps\[your app]\local\savedsearches.conf. The admin manual page is here.
It's not the most elegant way, but I'm not aware of any way to make bulk changes within the UI.