Splunk Enterprise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Need help with preparing a list of Middleware reports on the Ent. + write an alert to be notified when they are changed.

SamHTexas
Builder
‎01-11-2022 02:37 PM

I need help with writing an SPL to list all the Middleware reports on the Splunk Ent. & An alert to email me when any report is changed please. Thank very much.

Labels (1)
Labels
Tags (1)
0 Karma
Reply

SinghK
Builder
‎01-12-2022 07:17 AM

All reports are saved searches 

|rest /servicesNS/-/-/saved/searches|table title, updated 

 

the spl query above will give you all the searches on your splunk instance and when they are updated. you will need to filter out your searches and setup and alert.

you can also add field "author" this way it will let you catch the person who changed it. 

Reply

inventsekar
SplunkTrust
SplunkTrust
‎01-11-2022 06:30 PM

Hi @SamHTexas .. we will need more details from your side..

 list all the Middleware reports  are they created by a same person / same app / same team? we got some rest api's that will list down all reports..

 

Once we created the SPL query to list down all middleware reports, its easy to create email alert. 

hope you got the idea, thanks. 

thanks and best regards,
Sekar

PS - If this or any post helped you in any way, pls consider upvoting, thanks for reading !
0 Karma
Reply

SamHTexas
Builder
‎01-13-2022 02:22 PM

Would you please share an SPL that would make a list of the only the middleware reports. Thanks a million

Tags (1)
0 Karma
Reply

SamHTexas
Builder
‎01-12-2022 12:50 PM

Thank u very much for your reply. Would you share a SPL I can use in GUI for all & one for 2 Teams that create the middleware reports. I really appreciate your help. Thx

Tags (1)
0 Karma
Reply

SinghK
Builder
‎01-12-2022 08:30 PM

Sam, 

 

this is the query

|rest /servicesNS/-/-/saved/searches|table title, updated, author. run that in search and you will get results.

Reply

SamHTexas
Builder
‎01-13-2022 11:58 AM

Thanks very much. Would this work on the Splunk Ent. as well as the ES? 

Tags (1)
0 Karma
Reply

SinghK
Builder
‎01-17-2022 02:53 AM

Yes.

0 Karma
Reply
Get Updates on the Splunk Community!

Fueling your curiosity with new Splunk ILT and eLearning courses

At Splunk Education, we’re driven by curiosity—both ours and yours! That’s why we’re committed to delivering ...

Splunk AI Assistant for SPL 1.1.0 | Now Personalized to Your Environment for Greater ...

Splunk AI Assistant for SPL has transformed how users interact with Splunk, making it easier than ever to ...

Unleash Unified Security and Observability with Splunk Cloud Platform

     Now Available on Microsoft AzureOn Demand Now Step boldly into the AI revolution with enhanced security ...