I have 100 alerts configured with certain conditio...

amit2301 · ‎08-28-2017

I have 100 alerts configured with certain condition, I have to change the condition but don't want to go to every alert and change the condition instead change in 1 place and it should change in all the places

cmerriman · ‎08-28-2017

the fastest way that i've found is to go into the savedsearches.conf and find all the stanzas that you need to change and do a find and replace.

http://docs.splunk.com/Documentation/SplunkCloud/6.6.0/Alert/Configuringalertsinsavedsearches.conf

I have 100 alerts configured with certain condition, I have to change the condition but don't want to go to every alert and change the condition instead change in 1 place and it should change in all the places

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Design, Compete, Win: Submit Your Best Splunk Dashboards for a .conf26 Pass

May 2026 Splunk Expert Sessions: Security & Observability

Network to App: Observability Unlocked [May & June Series]

Join the Conversation

I have 100 alerts configured with certain condition, I have to change the condition but don't want to go to every alert and change the condition instead change in 1 place and it should change in all the places

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Design, Compete, Win: Submit Your Best Splunk Dashboards for a .conf26 Pass

May 2026 Splunk Expert Sessions: Security & Observability

Network to App: Observability Unlocked [May & June Series]