Splunk Search

Is it possible to add the same action to all of the alerts in one time?

sarit_s
Communicator

Hello

I need to add alert action to many alerts,
Is it possible to add the same action to all of the alerts in one time ?

 

Thanks

Labels (1)
Tags (2)
0 Karma

richgalloway
SplunkTrust
SplunkTrust

No, it is not possible.

I would do it once in the UI, then edit savedsearches.conf in the relevant app and copy the changes to the other alerts.  Then restart the SH.  If you have a SHC, make the changes on the deployer and apply the shbundle.

---
If this reply helps you, Karma would be appreciated.
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...