How do I view / save the entire list of Reports + ...

SamHTexas · ‎08-26-2021

How do I view / save the entire list of Reports + Alerts in Splunk Enterprise, any SPLs is much appreciated.

If you would show me how to generate the same for ES. Thank u

richgalloway · ‎08-27-2021

Start with this REST command then customize the query to produce the desired output.

| rest /servicesNS/-/-/saved/searches

---
If this reply helps you, Karma would be appreciated.

SamHTexas · ‎08-27-2021

Thank u for your reply. I am not clear. I ran:

| rest /servicesNS/-/-/saved/searches

Received general search results

Ran

| rest /servicesNS/-/-/saved/reports No results

| rest /servicesNS/-/-/saved/alerts No results

I am sure I have many reports & alerts. I appreciate a reply. Thank u as always Rich.

richgalloway · ‎08-27-2021

Reports and alerts are just saved searches so the one REST command will return them all. For reports, the alert_type field value will be "always".

---
If this reply helps you, Karma would be appreciated.

How do I view / save the entire list of Reports + Alerts in Splunk Enterprise , any SPLs is much appreciated. Thank u