list_triggered_alerts
Retrieve and review recently triggered alerts from Splunk with details like search name, trigger time, and reason. Filter results by name and time to monitor system events.
Instructions
List fired alerts and their details. Use this to review recent triggered alerts, including saved search name, trigger time, owner/app, and trigger reason. Supports a name filter and a max results cap. Note: Splunk's fired alerts feed may not strictly filter by time; earliest/latest are advisory.

Args:
- count (int, optional): Maximum number of alert groups to return (default: 50)
- earliest_time (str, optional): Advisory filter for earliest trigger time (default: '-24h@h')
- latest_time (str, optional): Advisory filter for latest trigger time (default: 'now')
- search (str, optional): Case-insensitive substring filter applied to alert group name

Outputs: 'triggered_alerts' array, total counts, and the applied parameters.

Security: results are constrained by the authenticated user's permissions.
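The filter semantics above (case-insensitive substring on the alert name, a results cap, advisory time bounds) are easy to get wrong on the client side, and the note that the fired alerts feed does not strictly honour earliest/latest means a consumer should re-check trigger times itself. The following is an added example, not code from the tool or from Splunk: it models fired-alert records with constructed sample data (the field names `savedsearch_name`, `trigger_time`, `owner`, `app` and `trigger_reason` are assumptions that mirror the details the tool lists) and applies the same filtering locally, with a strict time window as the check the advisory filter does not guarantee.

```python
from dataclasses import dataclass, asdict
from typing import Optional


@dataclass
class FiredAlert:
    """One entry from a fired-alerts feed (assumed field names, not Splunk's exact schema)."""
    savedsearch_name: str
    trigger_time: int       # epoch seconds
    owner: str
    app: str
    trigger_reason: str


# Constructed sample records standing in for what a fired-alerts feed would return.
SAMPLE_ALERTS = [
    FiredAlert("Brute Force Login Attempts", 1700003600, "secops", "search",
               "Saved Search [Brute Force Login Attempts] number of events(120) > 50"),
    FiredAlert("brute_force_ssh", 1700000000, "secops", "search",
               "Saved Search [brute_force_ssh] number of events(15) > 10"),
    FiredAlert("Disk Usage High", 1699900000, "ops", "search",
               "Saved Search [Disk Usage High] number of results(3) > 0"),
    FiredAlert("Privilege Escalation Detected", 1700007200, "secops", "search",
               "Saved Search [Privilege Escalation Detected] number of events(1) > 0"),
]


def list_triggered_alerts(alerts, count: int = 50,
                          earliest: Optional[int] = None,
                          latest: Optional[int] = None,
                          search: Optional[str] = None) -> dict:
    """Filter fired alerts the way the tool description specifies.

    - search: case-insensitive substring match on the saved search name
    - earliest/latest: applied strictly here (inclusive epoch bounds) because the
      upstream feed treats them as advisory
    - count: cap on returned entries, newest trigger first
    """
    needle = search.lower() if search else None
    matched = []
    for a in alerts:
        if needle is not None and needle not in a.savedsearch_name.lower():
            continue
        if earliest is not None and a.trigger_time < earliest:
            continue
        if latest is not None and a.trigger_time > latest:
            continue
        matched.append(a)

    # Newest alerts are the ones an analyst wants first; cap after sorting so the
    # cap never silently drops the most recent entries.
    matched.sort(key=lambda a: a.trigger_time, reverse=True)
    selected = matched[:max(count, 0)]

    return {
        "triggered_alerts": [asdict(a) for a in selected],
        "total_matched": len(matched),
        "returned": len(selected),
        "params": {"count": count, "earliest": earliest,
                   "latest": latest, "search": search},
    }


if __name__ == "__main__":
    result = list_triggered_alerts(SAMPLE_ALERTS, count=1, search="BRUTE")
    for entry in result["triggered_alerts"]:
        print(entry["savedsearch_name"], entry["trigger_time"], entry["trigger_reason"])
    print("matched:", result["total_matched"], "returned:", result["returned"])
```

Because the cap is applied after sorting by trigger time, a small `count` still surfaces the newest matching alerts rather than whichever entries the feed happened to list first.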
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| count | No | Maximum number of alert groups to return | 50 |
| earliest_time | No | Advisory filter for earliest trigger time | -24h@h |
| latest_time | No | Advisory filter for latest trigger time | now |
| search | No | Case-insensitive substring filter applied to alert group name | |