Hello everyone!
I had a great doubt about creating alerts using Splunk Rest API.
Every of them are shared only for the owner/creator after been created.
How can I create a shared alert with my group of users using the Rest API?
You do this via a different endpoint than the alarm creation. My script:
```
curl -v -k -u "$SPLUNK_USER:$SPLUNK_PASSWORD" \
"https://$DOMAIN:8089/services/saved/searches/$ALARM_NAME/acl" \
--data-urlencode sharing="app" \
--data-urlencode output_mode="json" \
--data-urlencode owner="$SPLUNK_USER" \
--data-urlencode perms.read="" \
--data-urlencode perms.write=""
```
This grants read and write permissions to everyone in the 'app' sharing thing.
You do this via a different endpoint than the alarm creation. My script:
```
curl -v -k -u "$SPLUNK_USER:$SPLUNK_PASSWORD" \
"https://$DOMAIN:8089/services/saved/searches/$ALARM_NAME/acl" \
--data-urlencode sharing="app" \
--data-urlencode output_mode="json" \
--data-urlencode owner="$SPLUNK_USER" \
--data-urlencode perms.read="" \
--data-urlencode perms.write=""
```
This grants read and write permissions to everyone in the 'app' sharing thing.