Hi,
I'm using Splunk's REST API to access Splunk objects. The goal is to disable/enable saved alerts (not all search objects) based on the title inputted. The approach I have taken is to access
https://localhost:8089/servicesNS/admin/search/saved/searches/
and compare the titles. But the requirement is to disable the object only if it is an Alert (the ones displayed on this page):
http://localhost:8000/en-US/app/search/alerts
This is just a subset of the results displayed in
http://localhost:8000/en-US/manager/launcher/saved/searches?ns=-&pwnr=-&search=&app_only=1
I'm checking to see if property "actions" is not empty or property "alert.track" is "1" to check if it is an alert. But it looks like a new search query with some conditions added is also displayed in the alerts page.
So I would like to know if there is a combination of properties that I can use to distinguish an alert from a search object?