Monitoring Splunk
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How do I export all alerts to csv or pdf?

yiweishih
Explorer
‎02-01-2023 12:05 PM

Hi All,

My Splunk cloud is version 9.0.2208.4.

My account role is sc_admin already.  I have around 200 alerts on the alert page.
Is there a way to export the 200 alerts from the alert page with just one click?

yiweishih_0-1675281538875.png

I am very new to Splunk, any help is appreciated!

Thanks!

 

 

0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎02-01-2023 12:12 PM

Hi

I don't think that you can export those from Alert page? But maybe you could utilise this SPL (thanks someone who post this to answers or slack on last year, cannot recall that person).

 

| rest /servicesNS/-/-/saved/searches splunk_server=local
| search disabled=0 AND is_scheduled=1
| rename "alert.track" as alert_track
| eval type=case(alert_track=1, "alert", 
                (isnotnull(actions) AND actions!="") AND (isnotnull(alert_threshold) AND alert_threshold!=""), "alert", 
                (isnotnull(alert_comparator) AND alert_comparator!="") AND (isnotnull(alert_type) AND alert_type!="always"), "alert", 
                true(), "report")
| fields title type eai:acl.app is_scheduled description search disabled triggered_alert_count actions action.script.filename alert.severity cron_schedule disabled
| where type = "alert"
| dedup title eai:acl.app
| sort eai:acl.app title

 

Just update it to select which fields you needs to export.

r. Ismo 

Reply
Get Updates on the Splunk Community!

Splunk Observability as Code: From Zero to Dashboard

For the details on what Self-Service Observability and Observability as Code is, we have some awesome content ...

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Shape the Future of Splunk: Join the Product Research Lab!

Join the Splunk Product Research Lab and connect with us in the Slack channel #product-research-lab to get ...