Knowledge Management

How to use TA-webtools to disable multiple alerts/reports?

ips_mandar
Builder

HI,

I want to disable multiple alerts/reports using curl (TA-webtools)..so basically my results look like below-

title app id
report1  app1 https://abc.com:8089/servicesNS/nobody/app1/saved/searches/report1
report2  app2 https://abc.com:8089/servicesNS/nobody/app2/saved/searches/report2
report3  app3 https://abc.com:8089/servicesNS/nobody/app3/saved/searches/report3

 

How I can disable all id alert/reports in single query?

any help is appreciated!

@jkat54 

Labels (1)
Tags (1)
0 Karma
1 Solution

ips_mandar
Builder

Below is the spl how I achieved it-

...| eval url_string= id."/disable"
|map search="| curl uri=$url_string$ method=POST splunkauth=true"

View solution in original post

0 Karma

ips_mandar
Builder

Below is the spl how I achieved it-

...| eval url_string= id."/disable"
|map search="| curl uri=$url_string$ method=POST splunkauth=true"
0 Karma

ips_mandar
Builder

Thanks @jkat54 I was able to do using map command

0 Karma

jkat54
SplunkTrust
SplunkTrust

You could do this using the urifield option and eval.  Here's an example below:

 

no reason you can't do something like

| makeresults count=3
| streamstats count 

| eval uri="https://abc.com:8089/app".count."/report".count"

 

 

Get Updates on the Splunk Community!

Aligning Observability Costs with Business Value: Practical Strategies

 Join us for an engaging Tech Talk on Aligning Observability Costs with Business Value: Practical ...

Mastering Data Pipelines: Unlocking Value with Splunk

 In today's AI-driven world, organizations must balance the challenges of managing the explosion of data with ...

Splunk Up Your Game: Why It's Time to Embrace Python 3.9+ and OpenSSL 3.0

Did you know that for Splunk Enterprise 9.4, Python 3.9 is the default interpreter? This shift is not just a ...