Alerting
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Modify Alert with REST API

MScottFoley
Path Finder
‎05-19-2021 12:32 PM

I wrote a program that uses the Splunk API to modify alerts.  I tested this on one of my alerts and it worked fine.  When I ran this against an alert that was owned by a splunk service account it created a new alert that was identical (identical name too) to the one I wanted to modify except the owner is now me.   In the API call I only provided the name of the alert and the section of the alert I wanted changed.   It looks to have duplicated the rest from the existing alert.   I also used a token associated with my username.    

When I look in the alerts menu I only see the original alert.   I need to use a search query (|rest/servicesNS/-/-/saved/searches | search alert.track=1...) to see the other alert. 

 1)  How do I delete the duplicate alert?  It does not appear under my alerts either.  I don't have access to the machine.  I could request help from someone that does though.      

2)  To modify an alert owned by someone else through the API do I need a token generated from their account?  I can edit the alert through the GUI.

Thanks.

Scott

Labels (1)
Labels
Tags (1)
0 Karma
Reply
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...