splunk get-fired-alerts
Access a fired alerts summary.
Description
List fired alerts
Synopsis
splunk get-fired-alerts
--site <site>
[--count <count>]
[--sort_key <sort_key>]
[--sort_dir <sort_dir>]
Arguments
site
- (string)
Site where this command will be executed
Example: --site "site-1"
Default: input.site
Attributes: required
count
- (int)
Limit the number of results returned. Set 0 to return all results.
Example: --count 0
Default: 0
Attributes: optional
sort_key
- (string)
Field name to use for sorting.
Example: --sort_key "updated"
Default: updated
Attributes: optional
sort_dir
- (string)
Response sort order.
Example: --sort_dir "asc"
Default: _None_
Attributes: optional
Validation:
allowed values: asc, desc
Examples
Input:
Output:
UPDATED | AUTHOR | NAME |
---|---|---|
1970-01-01T05:30:00+05:30 | nobody | email |
1970-01-01T05:30:00+05:30 | nobody | logevent |
1970-01-01T05:30:00+05:30 | nobody | lookup |
{
  "links": {},
  "origin": "https://localhost:8089/servicesNS/admin/-/alerts/fired_alerts",
  "updated": "2023-02-07T12:52:33+05:30",
  "generator": {
    "build": "dd0128b1f8cd",
    "version": "9.0.3"
  },
  "entry": [
    {
      "name": "-",
      "id": "https://localhost:8089/servicesNS/admin/-/alerts/fired_alerts/-",
      "updated": "1970-01-01T05:30:00+05:30",
      "links": {
        "alternate": "/servicesNS/admin/-/alerts/fired_alerts/-",
        "list": "/servicesNS/admin/-/alerts/fired_alerts/-"
      },
      "author": "admin",
      "acl": {
        "app": "",
        "can_list": true,
        "can_write": true,
        "modifiable": false,
        "owner": "admin",
        "perms": {
          "read": [
            "*"
          ],
          "write": [
            "*"
          ]
        },
        "removable": false,
        "sharing": "user"
      },
      "content": {
        "eai:acl": null,
        "triggered_alert_count": 0
      }
    }
  ],
  "paging": {
    "total": 1,
    "perPage": 30,
    "offset": 0
  },
  "messages": []
}
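An added example, not part of the original page or the tool's own code: a Python helper that reads saved JSON output in the shape shown above and applies the documented count, sort_key and sort_dir rules on the client side before triage. The function name, the sample alert names, the reading of the "-" entry as an all-alerts summary, and the reading of paging.total as a truncation signal are assumptions.

```python
import json
from datetime import datetime

ALLOWED_SORT_DIRS = ("asc", "desc")  # from the sort_dir validation rule above

# Constructed sample in the shape of the JSON output above, trimmed to the
# fields read here; "failed-logins" and "disk-usage" are made-up alert names.
SAMPLE = json.dumps({
    "entry": [
        {"name": "-", "author": "admin", "updated": "1970-01-01T05:30:00+05:30",
         "content": {"eai:acl": None, "triggered_alert_count": 5}},
        {"name": "disk-usage", "author": "nobody", "updated": "2023-02-07T11:05:00+05:30",
         "content": {"eai:acl": None, "triggered_alert_count": 1}},
        {"name": "failed-logins", "author": "admin", "updated": "2023-02-07T12:40:00+05:30",
         "content": {"eai:acl": None, "triggered_alert_count": 4}},
    ],
    "paging": {"total": 3, "perPage": 30, "offset": 0},
})


def summarize_fired_alerts(raw, count=0, sort_key="updated", sort_dir=None):
    """Return per-alert rows from saved get-fired-alerts JSON output."""
    if sort_dir is not None and sort_dir not in ALLOWED_SORT_DIRS:
        raise ValueError(f"sort_dir must be one of {ALLOWED_SORT_DIRS}")
    if count < 0:
        raise ValueError("count must be 0 (all results) or a positive integer")
    doc = json.loads(raw)
    entries = doc.get("entry", [])
    rows = []
    for e in entries:
        content = e.get("content") or {}
        rows.append({
            "name": e["name"],
            "author": e.get("author", ""),
            "updated": datetime.fromisoformat(e["updated"]),  # offset-aware timestamp
            "triggered_alert_count": int(content.get("triggered_alert_count") or 0),
        })
    # Assumption: the entry named "-" is the all-alerts summary, not one alert.
    summary = next((r for r in rows if r["name"] == "-"), None)
    alerts = [r for r in rows if r["name"] != "-"]
    if sort_dir is not None:  # no sort_dir given: keep the order as returned
        alerts.sort(key=lambda r: r[sort_key], reverse=(sort_dir == "desc"))
    if count:  # count 0 means "return all results"
        alerts = alerts[:count]
    paging = doc.get("paging", {})
    return {
        "summary_count": summary["triggered_alert_count"] if summary else None,
        "alerts": alerts,
        # Assumption: paging.total above the entry count means more pages exist.
        "truncated": paging.get("total", len(entries)) > len(entries),
    }
```

A `truncated` value of True means the saved output does not cover every fired alert and should not be treated as a complete list during review.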
Access Control
To use this command, you need access to the following:
Field | Value |
---|---|
Action | "read" |
Service Type | "splunk" |
Service Instance | |
Namespace | |
Object Type | "alert" |
Object ID | |
Please see Access Control for details.