Solved: How do you search by specific alert type?

wzgoda · ‎06-13-2016

Hey,

I was looking run a historical search for a specific alert over a period of time. What search can I run in order to search by alert type?

Raghav2384 · ‎06-13-2016

This should have all the information you want:

index=_internal host=* source=*scheduler.log

Best bet, s.o.s (Splunk On Splunk Application)

Built in: From you splunk web, upper right hand corner, click on - Activity > System Activity > Scheduler > Scheduler Activity by Saved search. This should give you any & all the information you need.

Also, hit the following endpoints:

|rest /services/alerts/alert_actions
|rest /services/alerts/fired_alerts
|rest /services/saved/searches

Hope this helps!

Thanks,
Raghav

View solution in original post

Raghav2384 · ‎06-13-2016

This should have all the information you want:

index=_internal host=* source=*scheduler.log

Best bet, s.o.s (Splunk On Splunk Application)

Built in: From you splunk web, upper right hand corner, click on - Activity > System Activity > Scheduler > Scheduler Activity by Saved search. This should give you any & all the information you need.

Also, hit the following endpoints:

|rest /services/alerts/alert_actions
|rest /services/alerts/fired_alerts
|rest /services/saved/searches

Hope this helps!

Thanks,
Raghav

How do you search by specific alert type?

Improve Your Security Posture

Maximize the Value from Microsoft Defender with Splunk

This Week's Community Digest - Splunk Community Happenings [6.27.22]