×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
av81
Engager
Member since: ‎07-22-2024
‎07-24-2024
Community Statistics
Posts 1
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎07-22-2024
Activity Feed
View All

How can I retrieve fired alerts in chronological o...

by in Splunk Enterprise
‎07-22-2024 05:13 AM
‎07-22-2024 05:13 AM
Hello, I used Splunk REST API with Search endpoint to be able to retrieve the latest fired alerts based on a title search. I get the fired alerts in alphabetical order but not in chronological order since all the alerts obtained have the default field <updated>1970-01-01T01:00:00+01:00</updated>. Here's the url and query I used : https://<host>:<mPort>/services/alerts/fired_alerts?search=name%3DSOC%20-*&&sort_dir=desc&sort_key=updated     | rest /services/alerts/fired_alerts/ | search title="SOC - *" | sort -updated | table title, updated, triggered_alert_count, author     Here are the references I used :  Search endpoint descriptions - Splunk Documentation Using the REST API reference - Splunk Documentation So, how can I retrieve fired alerts in chronological order with a title search ? Or how can I obtain a field indicating the date the alert was triggered ? Thanks in advance. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎07-24-2024 04:05 AM