Re: How do I export all alerts to csv or pdf?

yiweishih · ‎02-01-2023

Hi All,

My Splunk cloud is version 9.0.2208.4.

My account role is sc_admin already. I have around 200 alerts on the alert page.
Is there a way to export the 200 alerts from the alert page with just one click?

I am very new to Splunk, any help is appreciated!

Thanks!

isoutamo · ‎02-01-2023

Hi

I don't think that you can export those from Alert page? But maybe you could utilise this SPL (thanks someone who post this to answers or slack on last year, cannot recall that person).

| rest /servicesNS/-/-/saved/searches splunk_server=local
| search disabled=0 AND is_scheduled=1
| rename "alert.track" as alert_track
| eval type=case(alert_track=1, "alert", 
                (isnotnull(actions) AND actions!="") AND (isnotnull(alert_threshold) AND alert_threshold!=""), "alert", 
                (isnotnull(alert_comparator) AND alert_comparator!="") AND (isnotnull(alert_type) AND alert_type!="always"), "alert", 
                true(), "report")
| fields title type eai:acl.app is_scheduled description search disabled triggered_alert_count actions action.script.filename alert.severity cron_schedule disabled
| where type = "alert"
| dedup title eai:acl.app
| sort eai:acl.app title

Just update it to select which fields you needs to export.

r. Ismo

How do I export all alerts to csv or pdf?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Observability Simplified: Combining User Experience, Application Performance & ...

Event Series May & June: From Network Visibility to Service Intelligence

Global Splunk User Group Events: May + June 2026

Join the Conversation