Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

renaming saved alerts

aniketb
Path Finder
‎08-01-2012 12:23 PM

Hi,

We have a lot of saved searches and alerts. To make it easier to browse, I want rename them.

If I go to manage searches and reports and click on the search name, I'm able to only change the "Search" string.
A possible solution I found is to clone it and then just edit the "search name" string & delete the previous search.

Is this method good? I just don't want to be blamed by the whole department for spoiling the system!

Tags (4)
Reply
1 Solution
Solved! Jump to solution
Solution

sdaniels
Splunk Employee
Splunk Employee
‎08-01-2012 12:37 PM

You could edit the names directly in the appropriate config file rather than cloning and deleting. Take a look at this.

http://splunk-base.splunk.com/answers/35617/rename-and-grouping-saved-searches

View solution in original post

Reply
Solved! Jump to solution

tsvetan
Explorer
‎03-22-2018 08:10 AM

I really can't believe that since 2011 there is still no option to rename only the Alert title via the GUI... Is this so hard to be done?

Reply
Solved! Jump to solution
Solution

sdaniels
Splunk Employee
Splunk Employee
‎08-01-2012 12:37 PM

You could edit the names directly in the appropriate config file rather than cloning and deleting. Take a look at this.

http://splunk-base.splunk.com/answers/35617/rename-and-grouping-saved-searches

Reply
Solved! Jump to solution

ff_rumali
Explorer
‎10-04-2017 12:31 PM

While it is possible to edit the config file, you will need to restart Splunk to reread the configuration. This may be a factor to some people!

Reply
Solved! Jump to solution

pellegrini
Path Finder
‎08-25-2020 12:47 AM

Restarting splunk is not required.

It is enough to refresh the config.

To reload your endpoints type the following into your browser:

http://<yoursplunkserver>:8000/en-US/debug/refresh

Ref: https://docs.splunk.com/Documentation/Splunk/8.0.5/Admin/Configurationfilechangesthatrequirerestart#...

0 Karma
Reply
Solved! Jump to solution

kamalanc
Engager
‎04-13-2018 08:04 AM

I am unable to access the URL. Getting a 500 Internal Server Error.
Also, I believe my profile type is 'user' and am not sure if i can access the config file. Would love to find a way where a business user can edit saved alerts rather than having to touch a config file.
Any updates or insights from anyone?
thank you

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Data Persistence in the OpenTelemetry Collector

This blog post is part of an ongoing series on OpenTelemetry. What happens if the OpenTelemetry collector ...

Introducing Splunk 10.0: Smarter, Faster, and More Powerful Than Ever

Now On Demand Whether you're managing complex deployments or looking to future-proof your data ...

Community Content Calendar, September edition

Welcome to another insightful post from our Community Content Calendar! We're thrilled to continue bringing ...