Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How do you search by specific alert type?

wzgoda
Explorer
‎06-13-2016 09:44 AM

Hey,

I was looking run a historical search for a specific alert over a period of time. What search can I run in order to search by alert type?

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

Raghav2384
Motivator
‎06-13-2016 10:22 AM

This should have all the information you want:

index=_internal host=* source=*scheduler.log

Best bet, s.o.s (Splunk On Splunk Application)

Built in: From you splunk web, upper right hand corner, click on - Activity > System Activity > Scheduler > Scheduler Activity by Saved search. This should give you any & all the information you need.

Also, hit the following endpoints:

|rest /services/alerts/alert_actions
|rest /services/alerts/fired_alerts
|rest /services/saved/searches

Hope this helps!

Thanks,
Raghav

View solution in original post

Reply
Solved! Jump to solution
Solution

Raghav2384
Motivator
‎06-13-2016 10:22 AM

This should have all the information you want:

index=_internal host=* source=*scheduler.log

Best bet, s.o.s (Splunk On Splunk Application)

Built in: From you splunk web, upper right hand corner, click on - Activity > System Activity > Scheduler > Scheduler Activity by Saved search. This should give you any & all the information you need.

Also, hit the following endpoints:

|rest /services/alerts/alert_actions
|rest /services/alerts/fired_alerts
|rest /services/saved/searches

Hope this helps!

Thanks,
Raghav

Reply
Did you miss .conf21 Virtual?

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!

Get Updates on the Splunk Community!