Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How do you search by specific alert type?

wzgoda
Explorer
‎06-13-2016 09:44 AM

Hey,

I was looking run a historical search for a specific alert over a period of time. What search can I run in order to search by alert type?

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

Raghav2384
Motivator
‎06-13-2016 10:22 AM

This should have all the information you want:

index=_internal host=* source=*scheduler.log

Best bet, s.o.s (Splunk On Splunk Application)

Built in: From you splunk web, upper right hand corner, click on - Activity > System Activity > Scheduler > Scheduler Activity by Saved search. This should give you any & all the information you need.

Also, hit the following endpoints:

|rest /services/alerts/alert_actions
|rest /services/alerts/fired_alerts
|rest /services/saved/searches

Hope this helps!

Thanks,
Raghav

View solution in original post

Reply
Solved! Jump to solution
Solution

Raghav2384
Motivator
‎06-13-2016 10:22 AM

This should have all the information you want:

index=_internal host=* source=*scheduler.log

Best bet, s.o.s (Splunk On Splunk Application)

Built in: From you splunk web, upper right hand corner, click on - Activity > System Activity > Scheduler > Scheduler Activity by Saved search. This should give you any & all the information you need.

Also, hit the following endpoints:

|rest /services/alerts/alert_actions
|rest /services/alerts/fired_alerts
|rest /services/saved/searches

Hope this helps!

Thanks,
Raghav

View solution in original post

Reply
.conf21 Now Fully Virtual!
Register for FREE Today!

We've made .conf21 totally virtual and totally FREE! Our completely online experience will run from 10/19 through 10/20 with some additional events, too!

Get Updates on the Splunk Community!