Splunk Enterprise Security

How to find the most use cases trigger alerts in Splunk?

New Member


I need to know how I can find the most use cases trigger alerts in Splunk.

is there any specific search query that can help? I need the use case name and the count of the alerts 

Labels (1)
Tags (2)
0 Karma


See if this query helps.

| rest /servicesNS/-/-/saved/searches splunk_server=local 
```Ignore reports and disabled searches```
| search alert_type!="always" disabled=0 
| where triggered_alert_count > 0 
| table title eai:acl.owner eai:acl.app triggered_alert_count
If this reply helps you, Karma would be appreciated.
0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) v3.54.0

The Splunk Threat Research Team (STRT) recently released Enterprise Security Content Update (ESCU) v3.54.0 and ...

Using Machine Learning for Hunting Security Threats

WATCH NOW Seeing the exponential hike in global cyber threat spectrum, organizations are now striving more for ...

New Learning Videos on Topics Most Requested by You! Plus This Month’s New Splunk ...

Splunk Lantern is a customer success center that provides advice from Splunk experts on valuable data ...