splunk get-alert-actions
Access a list of alert actions
Description
List alert actions
Synopsis
splunk get-alert-actions
--site <site>
[--name <name>]
[--count <count>]
[--sort_key <sort_key>]
[--sort_dir <sort_dir>]
Arguments
site
- (string)
Site where this command will be executed
Example: --site "site-1"
Default: input.site
Attributes: required
name
- (string)
Name of the alert. If not specified, returns all alerts.
Example: --name "alert-1"
Default: _None_
Attributes: optional
count
- (int)
Limit the number of results returned. Set 0 to return all results.
Example: --count 0
Default: 0
Attributes: optional
sort_key
- (string)
Field name to use for sorting.
Example: --sort_key "updated"
Default: updated
Attributes: optional
sort_dir
- (string)
Response sort order.
Example: --sort_dir "sort_dir-1"
Default: _None_
Attributes: optional
Validation:
allowed values: asc, desc
Examples
Input:
Output:
UPDATED                    AUTHOR  NAME
1970-01-01T05:30:00+05:30  nobody  email
1970-01-01T05:30:00+05:30  nobody  logevent
1970-01-01T05:30:00+05:30  nobody  lookup
{
  "links": {
    "_reload": "/servicesNS/admin/-/alerts/alert_actions/_reload",
    "_acl": "/servicesNS/admin/-/alerts/alert_actions/_acl"
  },
  "updated": "2022-12-21T13:44:24+05:30",
  "entry": [
    {
      "name": "rss",
      "id": "https://localhost:8089/servicesNS/nobody/system/alerts/alert_actions/rss",
      "updated": "1970-01-01T05:30:00+05:30",
      "links": {
        "alternate": "/servicesNS/nobody/system/alerts/alert_actions/rss",
        "list": "/servicesNS/nobody/system/alerts/alert_actions/rss",
        "_reload": "/servicesNS/nobody/system/alerts/alert_actions/rss/_reload",
        "edit": "/servicesNS/nobody/system/alerts/alert_actions/rss",
        "disable": "/servicesNS/nobody/system/alerts/alert_actions/rss/disable"
      },
      "author": "nobody",
      "acl": {
        "app": "system",
        "can_change_perms": true,
        "can_list": true,
        "can_share_app": true,
        "can_share_global": true,
        "can_share_user": false,
        "can_write": true,
        "modifiable": true,
        "owner": "nobody",
        "perms": {
          "read": [
            "*"
          ],
          "write": [
            "admin"
          ]
        },
        "removable": false,
        "sharing": "system"
      },
      "content": {
        "command": "createrss \"path=$name$.xml\" \"name=$name$\" \"link=$results.url$\" \"descr=Alert trigger: $name$, results.count=$results.count$ \" \"count=30\" \"graceful=$graceful{default=1}$\" maxtime=\"$action.rss.maxtime{default=1m}$\"",
        "disabled": false,
        "eai:acl": null,
        "eai:appName": "system",
        "eai:userName": "nobody",
        "forceCsvResults": "auto",
        "hostname": "",
        "maxresults": 10000,
        "maxtime": "1m",
        "track_alert": false,
        "ttl": 86400
      }
    }
  ],
  "paging": {
    "total": 11,
    "perPage": 30,
    "offset": 0
  },
  "messages": []
}
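The following is an added example, not part of the original documentation: it reviews JSON in the shape shown above for alert actions whose `perms.write` list goes beyond an expected set of roles, since those roles can change the `command` that runs when the action fires. The `webhook` and `legacy` entries, the `power` role and the `trusted_writers` allow-list are constructed for illustration.

```python
import json

# Constructed sample shaped like the JSON output above (values are illustrative).
SAMPLE = json.loads("""
{"entry": [
  {"name": "rss",
   "acl": {"app": "system", "sharing": "system",
           "perms": {"read": ["*"], "write": ["admin"]}},
   "content": {"disabled": false}},
  {"name": "webhook",
   "acl": {"app": "search", "sharing": "global",
           "perms": {"read": ["*"], "write": ["admin", "power"]}},
   "content": {"disabled": false}},
  {"name": "legacy",
   "acl": {"app": "search", "sharing": "app",
           "perms": {"read": ["*"], "write": ["*"]}},
   "content": {"disabled": true}}
 ],
 "paging": {"total": 11, "perPage": 30, "offset": 0}}
""")


def audit_alert_actions(response, trusted_writers=("admin",)):
    """Return (findings, complete).

    findings: alert actions writable by roles outside trusted_writers.
    complete: False when paging.total says more entries exist than were returned,
              meaning the review did not cover every alert action.
    """
    findings = []
    entries = response.get("entry") or []
    for entry in entries:
        acl = entry.get("acl") or {}
        perms = acl.get("perms") or {}  # tolerate a missing or null perms object
        extra = sorted(set(perms.get("write") or []) - set(trusted_writers))
        if extra:
            findings.append({
                "name": entry.get("name"),
                "app": acl.get("app"),
                "sharing": acl.get("sharing"),
                "disabled": bool((entry.get("content") or {}).get("disabled")),
                "extra_writers": extra,
            })
    total = (response.get("paging") or {}).get("total", len(entries))
    return findings, len(entries) >= total


if __name__ == "__main__":
    results, complete = audit_alert_actions(SAMPLE)
    print(json.dumps({"complete": complete, "findings": results}, indent=2))
```

In the output shown above, `paging.total` is 11 while a single entry is listed, so a review of that response alone would report `complete` as false.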
Access Control
To use this command, you need access to the following:
Field | Value |
---|---|
Action | "read" |
Service Type | "splunk" |
Service Instance | |
Namespace | |
Object Type | "alert" |
Object ID | |
Please see Access Control for details.