Re: Need help with preparing a list of Middleware ...

SamHTexas · ‎01-11-2022

I need help with writing an SPL to list all the Middleware reports on the Splunk Ent. & An alert to email me when any report is changed please. Thank very much.

SinghK · ‎01-12-2022

All reports are saved searches

|rest /servicesNS/-/-/saved/searches|table title, updated

the spl query above will give you all the searches on your splunk instance and when they are updated. you will need to filter out your searches and setup and alert.

you can also add field "author" this way it will let you catch the person who changed it.

inventsekar · ‎01-11-2022

Hi @SamHTexas .. we will need more details from your side..

list all the Middleware reports are they created by a same person / same app / same team? we got some rest api's that will list down all reports..

Once we created the SPL query to list down all middleware reports, its easy to create email alert.

hope you got the idea, thanks.

SamHTexas · ‎01-13-2022

Would you please share an SPL that would make a list of the only the middleware reports. Thanks a million

SamHTexas · ‎01-12-2022

Thank u very much for your reply. Would you share a SPL I can use in GUI for all & one for 2 Teams that create the middleware reports. I really appreciate your help. Thx

SinghK · ‎01-12-2022

Sam,

this is the query

|rest /servicesNS/-/-/saved/searches|table title, updated, author. run that in search and you will get results.

SamHTexas · ‎01-13-2022

Thanks very much. Would this work on the Splunk Ent. as well as the ES?

SinghK · ‎01-17-2022

Yes.

Need help with preparing a list of Middleware reports on the Ent. + write an alert to be notified when they are changed.

metrics

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

Transform your security operations with Splunk Enterprise Security

Splunk Admins and App Developers | Earn a $35 gift card!