I can list fired alerts via the endpoint https://localhost:8089/servicesNS/admin/search/alerts/fired_alerts/-
Is there a way to delete fired alerts via the API?
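Found a snippet example using the internal Python SDK:
Fired_alert.py
Provides object mapping for fired alerts objects
Example use case:

    import splunk.auth
    from splunk.models.saved_search import SavedSearch

    # authenticate against splunkd (credentials as given in the snippet)
    sessionKey = splunk.auth.getSessionKey('admin','changeme')
    s = SavedSearch.get('/servicesNS/admin/search/admin/savedsearch/someAlert')
    alerts = s.get_alerts()
    # print them all
    for a in alerts:
        # the snippet read str(action), an undefined name; a.actions is assumed to be the intended field
        print a.severity, str(a.trigger_time), str(a.actions)
    # now delete the most recent one
    alerts[0].delete()
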
Via REST point as described on the Documentation page:
http://docs.splunk.com/Documentation/Splunk/4.2.4/RESTAPI/RESTsearch#alerts.2Ffired_alerts
Hi Robert, could you post your entire code here?
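
An added example, not code from any poster in this thread or from Splunk: the REST route from the answer above, written with the Python standard library. It assumes the fired-alerts Atom feed marks deletable entries with a `rel="remove"` link and that splunkd accepts an `Authorization: Splunk <sessionKey>` header; the feed, the entry names and the helper names are constructed for illustration.

```python
import ssl
import urllib.request
import xml.etree.ElementTree as ET
from urllib.parse import urljoin

ATOM = "{http://www.w3.org/2005/Atom}"

# Constructed sample of a fired-alerts Atom feed (entry names are made up).
SAMPLE_FEED = """<feed xmlns="http://www.w3.org/2005/Atom">
  <entry>
    <title>someAlert_1700000000</title>
    <link href="/servicesNS/admin/search/alerts/fired_alerts/someAlert_1700000000" rel="list"/>
    <link href="/servicesNS/admin/search/alerts/fired_alerts/someAlert_1700000000" rel="remove"/>
  </entry>
  <entry>
    <title>otherAlert_1700000100</title>
    <link href="/servicesNS/admin/search/alerts/fired_alerts/otherAlert_1700000100" rel="list"/>
  </entry>
</feed>"""

def removable_alerts(feed_xml):
    """Return (title, href) for every entry that carries a rel="remove" link."""
    found = []
    for entry in ET.fromstring(feed_xml).iter(ATOM + "entry"):
        title = entry.findtext(ATOM + "title")
        for link in entry.iter(ATOM + "link"):
            if link.get("rel") == "remove":
                found.append((title, link.get("href")))
    return found

def delete_request(base_url, href, session_key):
    """Build the DELETE request for one fired alert without sending it."""
    # Accept only server-relative fired_alerts paths, so a malformed feed
    # cannot redirect the session key to another host or endpoint.
    if not href.startswith("/servicesNS/") or "/alerts/fired_alerts/" not in href:
        raise ValueError("unexpected remove link: %r" % href)
    return urllib.request.Request(
        urljoin(base_url, href), method="DELETE",
        headers={"Authorization": "Splunk " + session_key})

def delete_fired_alerts(base_url, feed_xml, session_key, ca_file=None):
    """Send one DELETE per removable entry; yields (title, HTTP status)."""
    # Certificate verification stays on; ca_file is the CA that signed splunkd's cert.
    ctx = ssl.create_default_context(cafile=ca_file)
    for title, href in removable_alerts(feed_xml):
        req = delete_request(base_url, href, session_key)
        with urllib.request.urlopen(req, context=ctx) as resp:
            yield title, resp.status
```

Nothing is sent until `delete_fired_alerts` is iterated, so `removable_alerts` can be used first to review what would be deleted.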