How to get last 5 mins triggered alerts and its da...

msunilreddy · ‎09-02-2025

Hi Team,

How to get last 5 mins triggered alerts and its data like host, source, sourcetype, message, etc fields using Splunk REST API?

Thanks,

Sunil

livehybrid · ‎09-02-2025

Hi @msunilreddy

The get the triggered alerts you can use the REST API endpoint:

/alerts/fired_alerts/

https://docs.splunk.com/Documentation/Splunk/latest/RESTREF/RESTsearch#alerts.2Ffired_alerts

You can then iterate over the returned alerts to check if they are within 5 minutes and also use the "sid" to determine their host, source, response etc

🌟 Did this answer help you? If so, please consider:

Adding karma to show it was useful
Marking it as the solution if it resolved your issue
Commenting if you need any clarification

Your feedback encourages the volunteers in this community to continue contributing

How to get last 5 mins triggered alerts and its data like host, source, message, etc fields using Splunk REST API

data

other

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Announcing Modern Navigation: A New Era of Splunk User Experience

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

Join the Conversation