I am using the REST API to create a bot to search for triggered alerts every 30 seconds or so. I created saved searches as alerts on my personal splunk account from my company and everything worked fine.
curl -k -u [username]:[password] https://[host]/servicesNS/[username]/[app]/alerts/fired_alerts -d "output_mode=json" --get
I recently got a new splunk account specifically for the bot to use so I went and recreated the alerts I had previously created on the new account but when I run the API calls I am not getting any triggered alerts returned. I can see my test alerts in the alert manager and the alerts I created on the new account are exactly the same as the ones I had on my personal account.
I have tried deleting the saved searches on my personal account as well as recreating the searches on the bot account but I am unable to see the triggered alerts when I check for them using the API.
Any help would greatly appreciated.
edit: If I search for triggered alerts from all apps I am able to see other alerts that were created by other people but not the ones I created.
I can see the alerts that were triggered http://i.imgur.com/NcoDyy7.png but when I run the command I only get http://pastebin.com/6N9r82k1
... View more