×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
harpr86
Explorer
Member since: ‎06-11-2024
‎06-06-2025
Community Statistics
Posts 4
Solutions 0
Karma Given 1
Karma Received 0
Member Since ‎06-11-2024
Activity Feed
View All

Re: create shared splunk alert with api

by in Splunk Cloud Platform
‎06-06-2025 08:18 AM
‎06-06-2025 08:18 AM
@livehybrid thanks for your response. but,  I am looking to perform the two operation in single api.   for example, at the time of creation of splunk alert  , alert should have permission of r+w to user. ... View more

create shared splunk alert with api

by in Splunk Cloud Platform
‎06-05-2025 05:04 PM
‎06-05-2025 05:04 PM
Hi,  I am trying to create alert using api, alert is not getting created in shared mode. I need to run acl command separately to give r+w access  to user.   Command to create alert. curl --location --request POST 'https://splunkHost:8089/services/saved/searches' \ --header 'Authorization: Basic Auth' \ --header 'Content-Type: application/x-www-form-urlencoded' \ --data-urlencode 'name=test_alert_harpreet07' \ --data-urlencode 'cron_schedule=*/30 * * * *' \ --data-urlencode 'description=This alert will be triggered if proxy has 4x,5x errors' \ --data-urlencode 'dispatch.earliest_time=-30@m' \ --data-urlencode 'dispatch.latest_time=now' \ --data-urlencode 'search=search index="federated:some-index" statusCode">3*'' \ --data-urlencode 'alert_type=number of events' \ --data-urlencode 'alert.expires=730d' \ --data-urlencode 'action.email.to=xyz.abc@def.com' \ --data-urlencode 'action.email.maxresults=50' \ --data-urlencode 'action.email.subject=some-Errors' \ --data-urlencode 'dispatchAs=user' \ --data-urlencode 'action.email.from=Splunk'     to give permission to user    curl --location --request POST 'https://splunkHOST"8089/services/saved/searches/<alertName>/acl' \ --header 'Authorization: Basic Auth' \ --header 'Content-Type: application/x-www-form-urlencoded' \ --data-urlencode 'sharing=app' \ --data-urlencode 'app=search' \ --data-urlencode 'perms.read=user' \ --data-urlencode 'perms.write=user' \ --data-urlencode 'owner=automation'     #splunk #cloud    is there a way, that alert should be created in shared mode with  r+w access to user. ... View more
Labels

Re: https error percentage

by in Splunk Search
‎06-12-2024 07:50 AM
‎06-12-2024 07:50 AM
Thanks for your detailed answer. it worked. Appreciated. ... View more

https error percentage

by in Splunk Search
‎06-11-2024 06:07 PM
‎06-11-2024 06:07 PM
Hi, I am trying to get the error percentage of the https response request but its not working as expected.   index="john-doe-index" | stats count AS Total count(eval(statusCode="2**")) as Success | eval Failure = Total - Success | eval Percent_Failure = round((Failure/Total)*100)."%" | stats count by Percent_Failure     showing the following result.   I took the above query from previous answers, not sure why its not working on my end. because the ratio of 4xx , 2xx are high and result is showing 100% and count 1 all the time.   Thanks! ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎06-06-2025 10:12 AM
Karma given to
View All