How to search all the alert, dashboard, and report searches configured in Splunk?
Like this:
| rest /servicesNS/-/<YourAppNameHere>/saved/searches splunk_server=local
| search eai:acl.app="<YourAppNameHere>" AND request.ui_dispatch_app="<YourAppNameHere>" AND is_scheduled="1"
| dedup id
| table eai:acl.app eai:acl.owner eai:acl.sharing disabled title description cron_schedule allow_skew dispatch.earliest_time dispatch.latest_time alert_severity search
| rename dispatch.* AS *
| rename eai:acl.* AS *
| table owner sharing title search description*
Thank you for providing that information, worked wonderfully for what I was looking for and more!
Thanks a lot, can I check whether I am a user or power user?
But you need admin-level privileges to run |rest.
Hi @prabha321,
see [Settings - Searches, Reports and Alerts]: there you have all the scheduled searches (alerts and scheduled reports). Remember to use the correct filters (e.g. Apps=all).
If you want to create your own dashboard, you can use a search like the following:
| rest /services/saved/searches | where is_scheduled=1
To get a history of scheduled searches, check the internal logs:
index=_internal sourcetype=scheduler | table _time user savedsearch_name status scheduled_time run_time result_count
Ciao.
Giuseppe
Thanks for your quick response Giuseppe,
After searching with the query "| rest /services/saved/searches | where is_scheduled=1" it has pulled the alert configuration for Splunk, but I want to search all the queries done for servers, network, database, etc. of the infrastructure monitoring done on my environment.
Hi @prabha321,
alerts and scheduled searches are usually executed only on Search Heads, so you have to run the above search on your Search Heads.
When you speak of "Queries done for servers, Network, Database", are you speaking of searches in Splunk on logs of servers, network and databases, or something else?
Ciao.
Giuseppe
I want to get the alert configuration queries of servers, network, database, etc. of infrastructure monitoring.
Hi @prabha321,
if you're speaking of the Infrastructure Monitoring App, see [Settings - Searches, Reports and Alerts] starting from that app (the left side of the Settings menu is contextual to the app): all the alerts and scheduled searches of that app are listed there.
Ciao.
Giuseppe
Hi @prabha321,
if you run the above search you have all the available fields, so you can choose the ones you like, e.g. search and title:
| rest /services/saved/searches
| where is_scheduled=1
| table title search
Ciao.
Giuseppe
Thanks, I am getting an error, I think it's restricted. Thanks again.
I'm sorry!
You should check the grants of your user.
To close the question, please accept and/or upvote it.
Ciao and next time.
Giuseppe
Yes, that's the way I am taking the queries of each alert.
Are there any queries to search all the alert configuration queries?
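Added example, not written by any poster in this thread: one search that combines the `| rest` inventory and the `sourcetype=scheduler` history shown above, listing every enabled alert across all apps with its query, owner, sharing and last-24-hour run/skip counts. It assumes your role may run `| rest` and read `index=_internal`, and it treats a saved search as an alert when `alert_type` is not `always` or `alert.track` is 1, which is a heuristic and not a definition given in the thread.

```spl
| rest /servicesNS/-/-/saved/searches splunk_server=local count=0
| search is_scheduled=1 disabled=0 (alert_type!="always" OR alert.track=1)
| rename eai:acl.app AS app, eai:acl.owner AS owner, eai:acl.sharing AS sharing
| join type=left title
    [ search index=_internal sourcetype=scheduler earliest=-24h
      | stats count AS runs_24h, count(eval(status="skipped")) AS skipped_24h BY savedsearch_name
      | rename savedsearch_name AS title ]
| fillnull value=0 runs_24h skipped_24h
| table app owner sharing title cron_schedule alert_type alert_comparator alert_threshold actions runs_24h skipped_24h search
| sort app title
```

Saved search titles are not guaranteed to be unique across apps, so the join on `title` can merge run counts for same-named searches; replace the `-` app wildcard in the REST path with a single app name to avoid that.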