alert_action_name
Syntax: <alert_action_name>
Description: The name of the alert action configured in the alert_actions.conf file
May we know the alert_action_name you configured in your alert_actions.conf file, please?
(If this post helped you in any way, pls upvote. If this post resolved your query, pls "accept this as the solution", so that this question will be moved from unanswered to answered. Thanks.)
Simple XML will get you out of most complicated situations through CSS Extension, JavaScript Extension and Splunk JS Stack. Once you switch to HTML you have complete control of your dashboard and you virtually open up the Splunk dashboard for full-fledged web development. However, you have to really get used to the "extra line of code" (which was abstracted in Simple XML). With that trade-off in mind, code as much as possible in Simple XML and switch to HTML only if unavoidable or when the dashboard is stable and almost final.
I did this, but I am not sure this is the best approach.
"search index=_audit action=alert_fired earliest=startingDate latest=endingDate | map search=" |loadjob sid"
I use a starting and ending date so I am only searching on a time frame when the alert happened and not the entire time frame.
I am using the C# SDK, but is what you listed above a more efficient method?
Thanks!