How to write query for analytics of reports and al...

gitingua · ‎04-06-2023

Dear Colleagues

Help write a query to get data about all reports and alerts

I need to get information e.g.
1. Execution time of each report and alert
2. How much does a completed report and alerts

and stuff like that
tried to find information in the monitoring console

But did not find information about each report and alert

I will be grateful !

woodcock · ‎04-06-2023

Settings -> Monitoring Console -> Search -> Activity -> Search Activity: Deployment

gitingua · ‎04-09-2023

@woodcock
Hi!

I see their information only about the searches themselves

I need analytics about reports and alerts

thanks for your reply!)

gcusello · ‎04-06-2023

Hi @gitingua ,

using the following search using REST API

| rest /servicesNS/-/MYAPP/saved/searches

you list all the savedsearches you have in your Splunk Environment.

Then you can filter them for status (enabled or disables) if they are alerts or reports, etc... and then you can define which information display (e.g. title, search, status, etc...=

Ciao.

Giuseppe

gitingua · ‎04-09-2023

Hi @gcusello
I looked at your example
But that's not what I was looking for
I need report and alert analytics.

Eg:
average run time and stuff like that

gcusello · ‎04-09-2023

Hi @gitingua,

using my search you have the list of all reports and alerts.

Then, as @woodcock hinted, using tye Monitoring Console, you have alla the information about reports and alerts executions.

Ciao.

Giuseppe

How to write query for analytics of reports and alerts?

audit

data quality

diag

distributed search

error

forwarder

HTTP Event Collector

indexer clustering

license usage

monitoring console

other

scheduler activity

search head clustering

splunk-assist

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer Certification at ...

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...