How do I export all alerts to csv or pdf?

yiweishih · ‎02-01-2023

Hi All,

My Splunk cloud is version 9.0.2208.4.

My account role is sc_admin already. I have around 200 alerts on the alert page.
Is there a way to export the 200 alerts from the alert page with just one click?

I am very new to Splunk, any help is appreciated!

Thanks!

isoutamo · ‎02-01-2023

Hi

I don't think that you can export those from Alert page? But maybe you could utilise this SPL (thanks someone who post this to answers or slack on last year, cannot recall that person).

| rest /servicesNS/-/-/saved/searches splunk_server=local
| search disabled=0 AND is_scheduled=1
| rename "alert.track" as alert_track
| eval type=case(alert_track=1, "alert", 
                (isnotnull(actions) AND actions!="") AND (isnotnull(alert_threshold) AND alert_threshold!=""), "alert", 
                (isnotnull(alert_comparator) AND alert_comparator!="") AND (isnotnull(alert_type) AND alert_type!="always"), "alert", 
                true(), "report")
| fields title type eai:acl.app is_scheduled description search disabled triggered_alert_count actions action.script.filename alert.severity cron_schedule disabled
| where type = "alert"
| dedup title eai:acl.app
| sort eai:acl.app title

Just update it to select which fields you needs to export.

r. Ismo

How do I export all alerts to csv or pdf?

A Season of Skills: New Splunk Courses to Light Up Your Learning Journey

Announcing the Migration of the Splunk Add-on for Microsoft Azure Inputs to ...

Splunk Observability for AI

Join the Conversation

How do I export all alerts to csv or pdf?

A Season of Skills: New Splunk Courses to Light Up Your Learning Journey

Announcing the Migration of the Splunk Add-on for Microsoft Azure Inputs to ...

Splunk Observability for AI