Splunk Cloud Platform

How to get recipients email ID and owner of email alerts in Splunk?

knanaiah001
Explorer

Hi Team ,

Can someone help with a query to get the recipients' email IDs and the owners of email alerts in Splunk?

Thanks in advance!

0 Karma

SanjayReddy
SplunkTrust

Hi @knanaiah001 

Please use this:

| rest /servicesNS/-/-/saved/searches
| search action.email=1
| rename title as "Email Alert Name" author as "Owner of Email alert" action.email.to as "Recipients Email ID in To" action.email.cc as "Recipients Email CC" action.email.bcc as "Recipients Email BCC"
| table "Email Alert Name" "Owner of Email alert" "Recipients Email ID in To" "Recipients Email CC" "Recipients Email BCC"

knanaiah001
Explorer

Hi @SanjayReddy  ,

Thanks for the quick response :). I will check this solution.
How can I find out whether an alert is enabled or not?

Thanks in advance

0 Karma

SanjayReddy
SplunkTrust


Hi @knanaiah001 

By checking the disabled field:

If disabled=1, the alert is disabled.
If disabled=0, the alert is enabled.

I updated the field in the query below as well:

| rest /servicesNS/-/-/saved/searches
| search action.email=1
| rename title as "Email Alert Name" author as "Owner of Email alert" action.email.to as "Recipients Email ID in To" action.email.cc as "Recipients Email CC" action.email.bcc as "Recipients Email BCC"
| table "Email Alert Name" "Owner of Email alert" "Recipients Email ID in To" "Recipients Email CC" "Recipients Email BCC" disabled

0 Karma
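
The queries in this thread, extended into a recipient audit. This is an added example, not part of the original posts: it splits the To/CC/BCC lists into one row per address and marks each as internal or external. The `internal_domain` value `example.com` is a placeholder to replace with your own mail domain, and `splunk_server=local` is an added restriction to the search head the query runs on.

```spl
| rest /servicesNS/-/-/saved/searches splunk_server=local
| search action.email=1
| rename eai:acl.app as app
| eval internal_domain="example.com"
| eval all_rcpt=mvjoin(mvappend('action.email.to', 'action.email.cc', 'action.email.bcc'), ",")
| eval recipient=split(replace(all_rcpt, ";", ","), ",")
| mvexpand recipient
| eval recipient=lower(trim(recipient))
| where recipient!=""
| eval domain=if(like(recipient, "%@%"), mvindex(split(recipient, "@"), -1), "n/a")
| eval scope=case(domain=="n/a", "token or malformed", domain==internal_domain, "internal", true(), "external")
| eval status=if(disabled==1, "disabled", "enabled")
| table title author app status recipient domain scope
| sort scope title
```

Rows with scope "token or malformed" are recipients without an `@`, such as a `$result.*$` token that is only resolved when the alert fires, so those need a manual look.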