Underscores don't seem to change the behavior. I still get:
22 errors occurred while the search was executing. Therefore, search results might be incomplete. Hide errors.
Failed to fetch REST endpoint uri=https://127.0.0.1:8089/services/alerts/fired_alerts/My_Alert?count=0 from server=https://127.0.0.1:8089
The limit has been reached for log messages in info.csv. 40 messages have not been written to info.csv. Please refer to search.log for these messages or limits.conf to configure this limit.
[ip-xx-xx-xx-xx] Failed to fetch REST endpoint uri=https://127.0.0.1:8089/services/alerts/fired_alerts/My_Alert?count=0 from server=https://127.0.0.1:8089
0 events (3/21/16 12:00:00.000 AM to 4/20/16 8:09:27.000 PM)
I don't see my specific alerts in the GET all case, though I do see results on the alerts tab for that particular alert.
I have an alert named e.g. "My Alert". How do I search for it in Splunk using the REST API?
I can successfully search all alerts with:
| rest /services/alerts/fired_alerts/
But I cannot figure out how to search by name when the alert has spaces in it (all of our configured alerts have spaces, so I actually don't have one without spaces to test out separately). I've tried:
| rest /services/alerts/fired_alerts/My Alert/
| rest /services/alerts/fired_alerts/My%20Alert/
and neither works. They both fail with a "Failed to fetch REST endpoint" error message.