Splunk Search

Alerts in Dashboard Panel

tnconners
Explorer

I'm working on developing an app for a client, I'm looking to display the alerts that have fired (like it would appear in the alert manager). I've been playing with the Sideview Utils app, and displayed an iframe with the alert manager inside it, the problem with that is twofold, using the address as "localhost" doesn't work, and using the ip address does not lend to easy app deployment.

The other problem is that the header and the footer take up the iframe and don't let you see the alerts.

Any ideas?

Thank you in advance!

Tags (2)
0 Karma
1 Solution

cramasta
Builder

As an alternative solution and depending on how creative you can get with your dashboards you can use the rest api directly from search to pull information about the alerts that have fired

run this search on your server that is sending the alerts as a starting point to see what kind of information is is able to provide

| rest count=0 /servicesNS/-/-/alerts/fired_alerts/

you can read more about it from here

http://docs.splunk.com/Documentation/Splunk/4.3.6/RESTAPI/RESTsearch

View solution in original post

cramasta
Builder

As an alternative solution and depending on how creative you can get with your dashboards you can use the rest api directly from search to pull information about the alerts that have fired

run this search on your server that is sending the alerts as a starting point to see what kind of information is is able to provide

| rest count=0 /servicesNS/-/-/alerts/fired_alerts/

you can read more about it from here

http://docs.splunk.com/Documentation/Splunk/4.3.6/RESTAPI/RESTsearch

cramasta
Builder

Glad it works for you. There's all kinds of fun stuff you can do with the "| rest ..." command

0 Karma

tnconners
Explorer

Is it too early to tell you I love you 🙂

Semi-Finalized search is:
| rest count=0 /servicesNS/-/-/alerts/fired_alerts/ | search eai:acl.app="search" | fields - eai*,published,splunk_server

Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...