Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

modify the saved splunk Alert using api

venugoski
Explorer
‎10-16-2023 05:35 PM
looking for help in editing the saved Alert query using the api/curl .
i would like to change the pod_count 9 to 12 . how can i do that using api/curl
alertname = test_goski-list
alert query =
index=list-service source="eventhub://sams-jupiter-prod-scus-logs-premium-1.servicebus.windows.net/list-service;" "kubernetes.namespace_name"="list-service" | stats dc(kubernetes.pod_name) as pod_count | where pod_count < 9
i am trying to run the below curl to connect to the search head IP and getting the error response.
curl -k -u admin:changeme -X POST https://10.236.140.2:8089/servicesNS/admin/search/alerts/test_goski-list -d "search=index=list-service"


<?xml version="1.0" encoding="UTF-8"?>
<response>
<messages>
<msg type="ERROR">Not Found</msg>
</messages>
</response>
Labels (1)
Labels
Tags (1)
0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎10-16-2023 11:15 PM

Hi

maybe this helps youhttps://community.splunk.com/t5/Alerting/Why-can-t-I-change-alert-with-REST-It-change-permission-fro...

It’s old answer where I change some parameters on query. I think that you could change the query just like those parameters on conf.

r. Ismo

0 Karma
Reply
Get Updates on the Splunk Community!

Your Guide to SPL2 at .conf24!

So, you’re headed to .conf24? You’re in for a good time. Las Vegas weather is just *chef’s kiss* beautiful in ...

Get ready to show some Splunk Certification swagger at .conf24!

Dive into the deep end of data by earning a Splunk Certification at .conf24. We're enticing you again this ...

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Now On-Demand Join us to learn more about how you can leverage Service Level Objectives (SLOs) and the new ...