Hello
How can I expose alerts using the API?
I've created a saved search.
Thanks
Can you please provide some more info? What do you want to do with alerts using the REST API? For example: modify or run?
Run. The same as it will be with the console.
Have a look at the Splunk SDK documentation https://dev.splunk.com/enterprise/docs/python/sdk-python/howtousesplunkpython/howtorunsearchespython... (SDK available in Python, C#, Java & JavaScript)
Thanks, it is an interesting option but it is not what I'm looking for.
I need to run it with some tool like Postman.
Have a look at the Job Export REST API https://docs.splunk.com/Documentation/Splunk/8.0.1/RESTREF/RESTsearch#search.2Fjobs.2Fexport and an old answer https://answers.splunk.com/answers/596185/doing-search-through-rest-api-using-postman-giving.html
Thanks. I already read it. Maybe I'm missing something but it is not working.
In that case you need to provide more details: what you have tried (like which REST API you are using with the search query) and what errors you are getting.
I don't see an option to run the alert. I see an option to see the fired alerts or alert actions.
Can you please give me an example of how to run an alert? Even from the command line.
I don't have Postman installed so I can't give you a Postman example, but if you look at the documentation https://docs.splunk.com/Documentation/Splunk/8.0.1/RESTREF/RESTsearch#search.2Fjobs.2Fexport, they have provided the example below:
curl -k -u admin:password https://splunkserver:8089/services/search/jobs/export -d search="savedsearch \ MySavedSearch%20host%3Dwolverine*"
Additionally have a look at https://docs.splunk.com/Documentation/Splunk/8.0.1/RESTTUT/RESTsearches
I'm getting this error:
curl: (6) Could not resolve host: splunkserver
You need to replace splunkserver with your actual Splunk server hostname or IP address.
ohhh oopssss
But anyway, I'm getting an error:
This is my command:
curl -k -u admin:1qaz@wsx https://localhost:8089/services/search/jobs/export -d search="savedsearch \ DeletedLuckyCart"
This is the error:
Error in 'savedsearch' command: Unable to find saved search named '\'.
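
The export request from this thread written as a small shell script, as an added example that is not part of any post above or of the Splunk documentation. The variable names SPLUNK_URL, SPLUNK_USER and SPLUNK_CA and both function names are assumptions; the script quotes the saved search name so that no stray backslash reaches the savedsearch command, lets curl prompt for the password, and verifies the server certificate with --cacert in place of -k.

```shell
#!/bin/sh
# Added example (not from the thread). SPLUNK_URL, SPLUNK_USER and SPLUNK_CA
# are assumed variable names; build_search/run_saved_search are hypothetical.

# Build the SPL string sent as the "search" form field.
# A backslash or quote in the name is refused: in the failing command above
# the lone "\" was taken as the saved search name.
build_search() {
    name=$1
    case $name in
        ''|*\\*|*\"*)
            printf 'invalid saved search name: %s\n' "$name" >&2
            return 1 ;;
    esac
    printf 'savedsearch "%s"' "$name"
}

# POST the search to the export endpoint used in the thread.
run_saved_search() {
    search=$(build_search "$1") || return 1
    # -u with only a user name makes curl prompt for the password, so it
    #   stays out of shell history and the process list.
    # --cacert verifies the server certificate instead of skipping it (-k).
    # --data-urlencode encodes spaces and quotes in the search string.
    curl --cacert "${SPLUNK_CA:?set to the CA bundle path}" \
         -u "${SPLUNK_USER:?set to the Splunk user name}" \
         "${SPLUNK_URL:-https://localhost:8089}/services/search/jobs/export" \
         --data-urlencode "search=$search" \
         -d output_mode=json
}

# Run only when a saved search name is passed on the command line.
if [ "$#" -gt 0 ]; then
    run_saved_search "$1"
fi
```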