How to enable/disable splunk alert settings from CLI

Security business menu

Security business
HOME

To be elected
cause

Service

Handling Manufacturer

Examples/reports/
Blog/Glossary

Seminar/
video on demand

TOP

Products/Services

Specifications/Technical Information

Specifications/Technical Information
- Splunk Enterprise features
- Splunk Technology Blog

solution

solution

User stories

support

Seminar content

Evaluation machine application/FAQ

Application for evaluation machine
- Splunk Evaluation Download
FAQ

Document request

inquiry

Event/Seminar

video on demand

How to enable/disable splunk alert settings from CLI

release date: 2017-01-11

last updated: 2023-06-02

version: Splunk Enterprise 9.0.4

Overview: How to enable/disable alert settings from CLI

Reference information

https://docs.splunk.com/Documentation/Splunk/6.2.0/RESTTUT/RESTbasicexamples#Edit_a_Splunk_object

content

Alerts set in splunk can be enabled/disabled with the following CLI commands.

When disabling alerts

curl -ku <username>:<password>
https://<server_IP>:8089/servicesNS/<owner-name>/
<app-name>/saved/searches/<saved-search-name> -d "disabled=1"

When to enable alerts

curl -ku <username>:<password>
https://<server_IP>:8089/servicesNS/<owner-name>/
<app-name>/saved/searches/<saved-search-name> -d "disabled=0"

* For <owner-name>, <app-name>, and <saved-search-name>, enter the owner, app name, and alert name of the alert whose settings you want to disable. Please see the reference information for details.

that's all

to previous page

In charge of Macnica Splunk Co., Ltd.

inquiry Document request

TEL：045-476-2010
E-mail：splunk-sales@macnica.co.jp

Mon-Fri 8:45-17:30