Splunk search for List of triggered alerts

| rest /services/alerts/fired_alerts splunk_server=local | table eai:acl.app eai:acl.owner id title triggered_alert_count | rename eai:acl.* as *, app as App, owner as Owner, id as Endpoint, title as Title, triggered_alert_count as "Count of Triggered Alerts"
This search will provide a count of triggered alerts grouped by the application that the alerts belong to. You must have the rest_properties_get capability to run this search.
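
An added example, not part of the original page: the same fields read from the endpoint's JSON output and summed per application in Python, for use outside the search bar. The sample response is constructed, and the JSON layout (`entry`, `acl`, `content`) and the `-` summary entry are assumptions about what the endpoint returns with output_mode=json.

```python
import json
from collections import defaultdict

# Constructed sample (made-up values), shaped like the JSON assumed to come back
# from GET /services/alerts/fired_alerts?output_mode=json on the management port.
BASE = "https://localhost:8089/servicesNS/admin"
SAMPLE_RESPONSE = json.dumps({"entry": [
    {"name": "-", "id": "https://localhost:8089/services/alerts/fired_alerts/-",
     "acl": {"app": "", "owner": "system"},
     "content": {"triggered_alert_count": 9}},
    {"name": "Failed logins", "id": BASE + "/search/alerts/fired_alerts/Failed%20logins",
     "acl": {"app": "search", "owner": "admin"},
     "content": {"triggered_alert_count": 4}},
    {"name": "New admin account", "id": BASE + "/search/alerts/fired_alerts/New%20admin%20account",
     "acl": {"app": "search", "owner": "admin"},
     "content": {"triggered_alert_count": 2}},
    {"name": "DNS tunnelling", "id": BASE + "/soc_app/alerts/fired_alerts/DNS%20tunnelling",
     "acl": {"app": "soc_app", "owner": "analyst"},
     "content": {"triggered_alert_count": "3"}},  # count as a string, to exercise int()
]})

def parse_fired_alerts(raw):
    """Return one row per alert, using the column names from the search's rename."""
    rows = []
    for entry in json.loads(raw).get("entry", []):
        if entry.get("name") == "-":
            continue  # assumed summary entry covering all alerts; skip to avoid double counting
        acl = entry.get("acl", {})
        content = entry.get("content", {})
        rows.append({
            "App": acl.get("app", ""),
            "Owner": acl.get("owner", ""),
            "Endpoint": entry.get("id", ""),
            "Title": entry.get("name", ""),
            "Count of Triggered Alerts": int(content.get("triggered_alert_count") or 0),
        })
    return rows

def count_by_app(rows):
    """Sum triggered-alert counts per application, largest total first."""
    totals = defaultdict(int)
    for row in rows:
        totals[row["App"]] += row["Count of Triggered Alerts"]
    return dict(sorted(totals.items(), key=lambda kv: -kv[1]))

if __name__ == "__main__":
    for app, total in count_by_app(parse_fired_alerts(SAMPLE_RESPONSE)).items():
        print(f"{app}: {total}")
```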

Category: REST
