
splunk get-alert-actions

Access a list of alert actions

Description

List alert actions

Synopsis

splunk get-alert-actions
    --site <site>
    [--name <name>]
    [--count <count>]
    [--sort_key <sort_key>]
    [--sort_dir <sort_dir>]

Arguments

site - (string)

     Site where this command will be executed
     Example: --site "site-1"
     Default: input.site      Attributes: required

name - (string)

     Name of the alert. If not specified, all alerts are returned.
     Example: --name "alert-1"
     Default: _None_      Attributes: optional

count - (int)

     Limit the number of results returned. Set 0 to return all results.
     Example: --count 0
     Default: 0      Attributes: optional

sort_key - (string)

     Field name to use for sorting.
     Example: --sort_key "updated"
     Default: updated      Attributes: optional

sort_dir - (string)

     Response sort order.
     Example: --sort_dir "asc"
     Default: _None_      Attributes: optional

     Validation:
         allowed values: asc, desc

Examples

Input:

!splunk get-alert-actions

Output:

UPDATED                     AUTHOR  NAME
1970-01-01T05:30:00+05:30   nobody  email
1970-01-01T05:30:00+05:30   nobody  logevent
1970-01-01T05:30:00+05:30   nobody  lookup

Input:

x= !splunk get-alert-actions

Output:

{
  "links": {
    "_reload": "/servicesNS/admin/-/alerts/alert_actions/_reload",
    "_acl": "/servicesNS/admin/-/alerts/alert_actions/_acl"
  },
  "updated": "2022-12-21T13:44:24+05:30",
  "entry": [
    {
      "name": "rss",
      "id": "https://localhost:8089/servicesNS/nobody/system/alerts/alert_actions/rss",
      "updated": "1970-01-01T05:30:00+05:30",
      "links": {
        "alternate": "/servicesNS/nobody/system/alerts/alert_actions/rss",
        "list": "/servicesNS/nobody/system/alerts/alert_actions/rss",
        "_reload": "/servicesNS/nobody/system/alerts/alert_actions/rss/_reload",
        "edit": "/servicesNS/nobody/system/alerts/alert_actions/rss",
        "disable": "/servicesNS/nobody/system/alerts/alert_actions/rss/disable"
      },
      "author": "nobody",
      "acl": {
        "app": "system",
        "can_change_perms": true,
        "can_list": true,
        "can_share_app": true,
        "can_share_global": true,
        "can_share_user": false,
        "can_write": true,
        "modifiable": true,
        "owner": "nobody",
        "perms": {
          "read": [
            "*"
          ],
          "write": [
            "admin"
          ]
        },
        "removable": false,
        "sharing": "system"
      },
      "content": {
        "command": "createrss \"path=$name$.xml\" \"name=$name$\" \"link=$results.url$\" \"descr=Alert trigger: $name$, results.count=$results.count$ \" \"count=30\" \"graceful=$graceful{default=1}$\" maxtime=\"$action.rss.maxtime{default=1m}$\"",
        "disabled": false,
        "eai:acl": null,
        "eai:appName": "system",
        "eai:userName": "nobody",
        "forceCsvResults": "auto",
        "hostname": "",
        "maxresults": 10000,
        "maxtime": "1m",
        "track_alert": false,
        "ttl": 86400
      }
    }
  ],
  "paging": {
    "total": 11,
    "perPage": 30,
    "offset": 0
  },
  "messages": []
}
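
The JSON output above carries each alert action's ACL, which makes it usable for a write-access review. The following is an added example, not part of the original page or the tool: it assumes the response has already been captured as JSON, and the function names, the trusted role list and the sample ACL values are assumptions made for illustration.

```python
import json

# Constructed sample in the shape of the JSON output above, trimmed to the
# fields the audit reads. The ACL values for "email" and "logevent" are
# made up for illustration; only the "rss" entry mirrors the page.
SAMPLE = json.loads("""
{
  "entry": [
    {"name": "rss",
     "acl": {"perms": {"read": ["*"], "write": ["admin"]}},
     "content": {"disabled": false}},
    {"name": "email",
     "acl": {"perms": {"read": ["*"], "write": ["admin", "power"]}},
     "content": {"disabled": false}},
    {"name": "logevent",
     "acl": {"perms": {"read": ["*"], "write": ["*"]}},
     "content": {"disabled": true}}
  ],
  "paging": {"total": 11, "perPage": 30, "offset": 0}
}
""")


def audit_write_access(response, trusted_writers=("admin",)):
    """Return (name, finding) for each action writable beyond trusted roles."""
    findings = []
    for entry in response.get("entry") or []:
        perms = (entry.get("acl") or {}).get("perms") or {}
        writers = perms.get("write") or []
        state = "disabled" if (entry.get("content") or {}).get("disabled") else "enabled"
        if "*" in writers:
            findings.append((entry["name"], f"{state}, writable by every role"))
            continue
        extra = sorted(set(writers) - set(trusted_writers))
        if extra:
            findings.append((entry["name"], f"{state}, writable by: {', '.join(extra)}"))
    return findings


def is_complete(response):
    """False when paging.total exceeds the entries returned (partial audit)."""
    total = (response.get("paging") or {}).get("total", 0)
    return len(response.get("entry") or []) >= total


if __name__ == "__main__":
    for name, finding in audit_write_access(SAMPLE):
        print(f"{name}: {finding}")
    if not is_complete(SAMPLE):
        print("warning: response holds fewer entries than paging.total")
```

Disabled actions are still reported, since a role with write access can re-enable them.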

Access Control

To use this command, you need access to the following:

Field               Value
Action              "read"
Service Type        "splunk"
Service Instance
Namespace
Object Type         "alert"
Object ID

Please see Access Control for details.