Splunk Enterprise
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How do I view / save the entire list of Reports + Alerts in Splunk Enterprise , any SPLs is much appreciated. Thank u

SamHTexas
Builder
‎08-26-2021 09:31 AM

How do I view / save the entire list of Reports + Alerts in Splunk Enterprise, any SPLs is much appreciated. 

If you would show me how to generate the same for ES. Thank u

Labels (1)
Labels
Tags (1)
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎08-27-2021 09:34 AM

Start with this REST command then customize the query to produce the desired output.

| rest /servicesNS/-/-/saved/searches
---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

SamHTexas
Builder
‎08-27-2021 10:47 AM

Thank u for your reply. I am not clear. I ran:

| rest /servicesNS/-/-/saved/searches

Received general search results

Ran 

| rest /servicesNS/-/-/saved/reports     No results

| rest /servicesNS/-/-/saved/alerts        No results

 

I am sure I have many reports & alerts. I appreciate a reply. Thank u as always Rich.

 

Tags (1)
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎08-27-2021 11:37 AM

Reports and alerts are just saved searches so the one REST command will return them all.  For reports, the alert_type field value will be "always".

---
If this reply helps you, Karma would be appreciated.
Reply
Get Updates on the Splunk Community!

Index This | How many sides does a circle have?

  March 2025 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...

New This Month - Splunk Observability updates and improvements for faster ...

What’s New? This month, we’re delivering several enhancements across Splunk Observability Cloud for faster and ...

What's New in Splunk Cloud Platform 9.3.2411?

Hey Splunky People! We are excited to share the latest updates in Splunk Cloud Platform 9.3.2411. This release ...
Top