Splunk Enterprise Security

How to find the most use cases trigger alerts in Splunk?

engmohdissam
New Member

Greetings!

I need to know how I can find the most use cases trigger alerts in Splunk.

is there any specific search query that can help? I need the use case name and the count of the alerts 

Labels (1)
Tags (2)
0 Karma

richgalloway
SplunkTrust
SplunkTrust

See if this query helps.

| rest /servicesNS/-/-/saved/searches splunk_server=local 
```Ignore reports and disabled searches```
| search alert_type!="always" disabled=0 
| where triggered_alert_count > 0 
| table title eai:acl.owner eai:acl.app triggered_alert_count
---
If this reply helps you, Karma would be appreciated.
0 Karma
Get Updates on the Splunk Community!

Federated Search for Amazon S3 | Key Use Cases to Streamline Compliance Workflows

Modern business operations are supported by data compliance. As regulations evolve, organizations must ...

New Dates, New City: Save the Date for .conf25!

Wake up, babe! New .conf25 dates AND location just dropped!! That's right, this year, .conf25 is taking place ...

Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud

Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud  In today’s fast-paced digital ...