Re: How to create a shared alert via REST API

mlopesn · ‎10-15-2019

Hello everyone!

I had a great doubt about creating alerts using Splunk Rest API.

Every of them are shared only for the owner/creator after been created.

How can I create a shared alert with my group of users using the Rest API?

justinabrahms · ‎11-07-2019

You do this via a different endpoint than the alarm creation. My script:

```
curl -v -k -u "$SPLUNK_USER:$SPLUNK_PASSWORD" \
"https://$DOMAIN:8089/services/saved/searches/$ALARM_NAME/acl" \
--data-urlencode sharing="app" \
--data-urlencode output_mode="json" \
--data-urlencode owner="$SPLUNK_USER" \
--data-urlencode perms.read="" \
--data-urlencode perms.write=""

```

This grants read and write permissions to everyone in the 'app' sharing thing.

justinabrahms · ‎11-07-2019

You do this via a different endpoint than the alarm creation. My script:

```
curl -v -k -u "$SPLUNK_USER:$SPLUNK_PASSWORD" \
"https://$DOMAIN:8089/services/saved/searches/$ALARM_NAME/acl" \
--data-urlencode sharing="app" \
--data-urlencode output_mode="json" \
--data-urlencode owner="$SPLUNK_USER" \
--data-urlencode perms.read="" \
--data-urlencode perms.write=""

```

This grants read and write permissions to everyone in the 'app' sharing thing.

How to create a shared alert via REST API

Join Us for Splunk University and Get Your Bootcamp Game On!

.conf24 | Learning Tracks for Security, Observability, Platform, and Developers!

Announcing Scheduled Export GA for Dashboard Studio