how to pull a list of alerts which is having speci...

iqbalintouch · ‎04-16-2020

Hi,

How can I pull a list or report of alerts which is having any of these specific words?
"purchase" OR "search" OR "booking"

memarshall63 · ‎04-16-2020

Do you mean something like this?:

|rest /servicesNS/-/-/saved/searches 
| table title eai:acl.app eai:acl.owner actions search

So maybe with your criteria, it'd be:

|rest /servicesNS/-/-/saved/searches 
| table title eai:acl.app eai:acl.owner actions search
| where title LIKE "%Purchase%" OR title LIKE "%search%" OR title LIKE "%booking%"

Alerts generally have actions so you could add a filter for those, or there may be other ways to do it:

|rest /servicesNS/-/-/saved/searches 
| search NOT actions="" 
| table title eai:acl.app eai:acl.owner actions search 
| where title LIKE "%Purchase%" OR title LIKE "%search%" OR title LIKE "%booking%"

to4kawa · ‎04-16-2020

see https://answers.splunk.com/answers/509669/how-to-create-a-dashboard-that-gives-information-a.html

how to pull a list of alerts which is having specific word?

alert condition

What’s New in Splunk Cloud Platform 9.1.2308?

Index This | Why do they call it hyper text?

State of Splunk Careers 2023: Career Resilience and the Continued Value of Splunk