Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

renaming saved alerts

aniketb
Path Finder
‎08-01-2012 12:23 PM

Hi,

We have a lot of saved searches and alerts. To make it easier to browse, I want rename them.

If I go to manage searches and reports and click on the search name, I'm able to only change the "Search" string.
A possible solution I found is to clone it and then just edit the "search name" string & delete the previous search.

Is this method good? I just don't want to be blamed by the whole department for spoiling the system!

Tags (4)
Reply
1 Solution
Solved! Jump to solution
Solution

sdaniels
Splunk Employee
Splunk Employee
‎08-01-2012 12:37 PM

You could edit the names directly in the appropriate config file rather than cloning and deleting. Take a look at this.

http://splunk-base.splunk.com/answers/35617/rename-and-grouping-saved-searches

View solution in original post

Reply
Solved! Jump to solution

tsvetan
Explorer
‎03-22-2018 08:10 AM

I really can't believe that since 2011 there is still no option to rename only the Alert title via the GUI... Is this so hard to be done?

Reply
Solved! Jump to solution
Solution

sdaniels
Splunk Employee
Splunk Employee
‎08-01-2012 12:37 PM

You could edit the names directly in the appropriate config file rather than cloning and deleting. Take a look at this.

http://splunk-base.splunk.com/answers/35617/rename-and-grouping-saved-searches

Reply
Solved! Jump to solution

ff_rumali
Explorer
‎10-04-2017 12:31 PM

While it is possible to edit the config file, you will need to restart Splunk to reread the configuration. This may be a factor to some people!

Reply
Solved! Jump to solution

pellegrini
Path Finder
‎08-25-2020 12:47 AM

Restarting splunk is not required.

It is enough to refresh the config.

To reload your endpoints type the following into your browser:

http://<yoursplunkserver>:8000/en-US/debug/refresh

Ref: https://docs.splunk.com/Documentation/Splunk/8.0.5/Admin/Configurationfilechangesthatrequirerestart#...

0 Karma
Reply
Solved! Jump to solution

kamalanc
Engager
‎04-13-2018 08:04 AM

I am unable to access the URL. Getting a 500 Internal Server Error.
Also, I believe my profile type is 'user' and am not sure if i can access the config file. Would love to find a way where a business user can edit saved alerts rather than having to touch a config file.
Any updates or insights from anyone?
thank you

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...