Hey,
I was looking to run a historical search for a specific alert over a period of time. What search can I run in order to search by alert type?
This should have all the information you want:
index=_internal host=* source=*scheduler.log
Best bet: S.o.S (Splunk On Splunk application).
Built in: from your Splunk web, upper right hand corner, click on Activity > System Activity > Scheduler > Scheduler Activity by Saved search. This should give you any & all the information you need.
Also, hit the following endpoints:
|rest /services/alerts/alert_actions
|rest /services/alerts/fired_alerts
|rest /services/saved/searches
Hope this helps!
Thanks,
Raghav
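A worked search that combines the two sources Raghav lists, added here as an example and not taken from the original answer: it tallies each saved search's scheduler runs in the chosen window and how many of them fired an action, then joins in the saved-search definition so the result can be filtered by alert type. The field names (savedsearch_name, alert_actions, result_count, title, alert_type, actions) are assumed from scheduler.log's key=value format and the saved/searches endpoint; `fired_alerts` only lists alerts still inside their expiry window, which is why scheduler.log is used for the history.

```spl
index=_internal sourcetype=scheduler source=*scheduler.log status=success earliest=-30d latest=now
    `comment("one event per completed scheduled run; alert_actions is empty when nothing fired")`
| eval triggered=if(coalesce(alert_actions,"")!="", 1, 0)
| stats count AS runs, sum(triggered) AS fired, max(result_count) AS peak_results BY savedsearch_name
    `comment("pull the alert definition so we can filter by alert type rather than by name")`
| join type=left savedsearch_name
    [| rest /services/saved/searches splunk_server=local
     | rename title AS savedsearch_name
     | fields savedsearch_name alert_type actions cron_schedule]
    `comment("alert_type is 'always' for plain scheduled reports; keep only real alert conditions")`
| where isnotnull(alert_type) AND alert_type!="always"
| search alert_type="number of events"
    `comment("assumed example type; swap in the alert_type you are after")`
| table savedsearch_name alert_type actions cron_schedule runs fired peak_results
| sort - fired
```

Drop the `| search alert_type=...` line to see every alert type at once, or replace the `stats ... BY savedsearch_name` with `timechart span=1d sum(triggered) BY savedsearch_name` to see when a given alert fired over the period.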