Alerting
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to filter alerts which contains invalid attribute or invalid attribute name

moinghori
New Member
‎01-06-2020 08:23 AM

Some of the alert's attribute name has been changed hence those alerts cannot be triggered.
I want to find out such alerts. Currently, I am thinking to check each alert one by one which is tedious and long path since I have hundreds of alerts.
Is there any way Splunk can give me a list of such alerts?
If someone encounters such issues and resolves then please help us.

0 Karma
Reply

jawaharas
Motivator
‎01-19-2020 09:22 PM

If you have access to back-end (SSH access to Splunk search head), you can find Splunk alerts in below configuration file(s).

$SPLUNK_HOME/etc/apps/<appname>/local
$SPLUNK_HOME/etc/users/<username>/<appname>/local

0 Karma
Reply
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...

New in Observability Cloud - Explicit Bucket Histograms

Splunk introduces native support for histograms as a metric data type within Observability Cloud with Explicit ...