Downloading Alerts To CSV File
SHA256 checksum (alerts-to-csv-file_100.tgz) 09a81053acd7ba40495b5d251636a0159c9a25c007b43ac6e56b44f83ebeb4e8
To install your download
To install apps and add-ons from within Splunk Enterprise
  1. Log into Splunk Enterprise.
  2. On the Apps menu, click Manage Apps.
  3. Click Install app from file.
  4. In the Upload app window, click Choose File.
  5. Locate the .tar.gz file you just downloaded, and then click Open or Choose.
  6. Click Upload.
  7. Click Restart Splunk, and then confirm that you want to restart.
To install apps and add-ons directly into Splunk Enterprise
  1. Put the downloaded file in the $SPLUNK_HOME/etc/apps directory.
  2. Untar and ungzip your app or add-on, using a tool like tar -xvf (on *nix) or WinZip (on Windows).
  3. Restart Splunk.
After you install a Splunk app, you will find it on Splunk Home. If you have questions or need more information, see Manage app and add-on objects.
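
Before putting the file in $SPLUNK_HOME/etc/apps as described above, the download can be checked against the SHA256 shown on this page and its member paths inspected. This is an added example, not part of the app or of Splunk; the function names are hypothetical, and rejecting every link or device member is a deliberately conservative assumption.

```python
import hashlib
import tarfile
from pathlib import PurePosixPath

# SHA256 shown on this page for alerts-to-csv-file_100.tgz
PUBLISHED_SHA256 = "09a81053acd7ba40495b5d251636a0159c9a25c007b43ac6e56b44f83ebeb4e8"


def sha256_of(path, chunk=1 << 20):
    """Hash the file in chunks so large packages are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def unsafe_members(path):
    """Names of members that could land outside the directory the archive is unpacked in."""
    bad = []
    with tarfile.open(path, "r:*") as tar:
        for member in tar.getmembers():
            escapes = member.name.startswith("/") or ".." in PurePosixPath(member.name).parts
            # Conservative assumption: an app package needs no links or device nodes.
            if escapes or member.issym() or member.islnk() or member.isdev():
                bad.append(member.name)
    return bad


def check_package(path, expected_sha256=PUBLISHED_SHA256):
    """Return (ok, reason). Unpack into $SPLUNK_HOME/etc/apps only when ok is True."""
    actual = sha256_of(path)
    if actual != expected_sha256.lower():
        return False, "checksum mismatch: " + actual
    bad = unsafe_members(path)
    if bad:
        return False, "unsafe members: " + ", ".join(bad)
    return True, "ok"
```

Call `check_package("alerts-to-csv-file_100.tgz")` on the downloaded file and continue with the untar step only if it returns `(True, "ok")`.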


Alerts To CSV File

Splunk stores alerts and saved searches in savedsearches.conf file(s).

Currently, there seems to be no easy way to report on
and dump out all your alerts without clicking the mouse 1000+ times,
especially if you have, say, 800+ alerts defined and running.

Wouldn't it be nice to have the ability to dump out
all of the Splunk alerts you defined to a .csv file and review all your alerts with Excel?

Now you can.

This app provides a way for an organization or an individual to convert user-defined alerts
contained in internal Splunk savedsearches.conf files to a user-friendly readout provided by a .csv file.

When you save searches and create alerts, Splunk stores them for you in a number of savedsearches.conf files.

You may have alerts defined in only one savedsearches.conf file or in many
savedsearches.conf files, depending on whether different users are defining their own alerts.

The workflow to dump out the alerts is fairly easy:

First install this app.

Then select the app.

Once the app is selected:

The app has a search bar.

Enter the search "| exportalerts list" (without the quotes) to get a list of relative paths to where your savedsearches.conf files are stored.

Then run the search again as "| exportalerts PATH", where PATH is a path you have cut and pasted from
the output of the "| exportalerts list" search.

The "| exportalerts list" command or search will give you a list of one or more paths to the savedsearches.conf files relative to this app.

Highlight and cut or copy each line and paste it into the "| exportalerts " command as a suffix.

For example:

| exportalerts ../../search/local/savedsearches.conf

This would be a correct search string to make the app list the alerts defined in this particular savedsearches.conf file.

Once you get a list of your alerts:

Lastly, save this search, with all your alerts listed below it, as a REPORT.
Then run the report and export it as a .csv file.

To export a report as a .csv file, look in the far upper right of the app screen for a downward-pointing arrow
into a horizontal bar. This is the export / download to .csv icon, which you want to use from a REPORT.

You can only download to a .csv file when you SAVE your search as a report.

For example: you located a savedsearches.conf file, issued "| exportalerts ../../username/savedsearches.conf", and you see the alerts below.

Next, open the report. You will see the alerts listed in the report.

Go to the upper right menu bar of the report. Look for export and export to .csv. The symbol / icon is a downward arrow into a horizontal line.

You can name the .csv file, and it starts to download from your browser.

Once the .csv file is downloaded to your desktop, open it with Excel.

For more detailed help on how to use this app:
Select this app in the drop-down.
Then, for help, type "| exportalerts help" (without the quotes) in the search bar
for the full help workflow.
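
The conversion described above, a savedsearches.conf file turned into CSV rows, can also be reproduced outside Splunk for review. The following is an added example, not the app's code; the sample stanzas are constructed, the column selection is arbitrary, and treating enableSched = 1 as the marker for an alert is an assumption.

```python
import csv
import io

# Constructed sample savedsearches.conf content (not taken from the app or this page)
SAMPLE_CONF = r"""
[Failed logins over threshold]
search = index=auth action=failure \
| stats count by user \
| where count > 20
cron_schedule = */15 * * * *
enableSched = 1
action.email.to = soc@example.com

[Ad hoc report]
search = index=web status=500
"""

FIELDS = ["search", "cron_schedule", "enableSched", "disabled", "action.email.to"]


def parse_conf(text):
    """Parse .conf text into {stanza: {key: value}}, joining lines that end in a backslash."""
    stanzas, current, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw
        if line.endswith("\\"):
            pending = line[:-1].rstrip() + "\n"  # value continues on the next line
            continue
        pending = ""
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        if stripped.startswith("[") and stripped.endswith("]"):
            current = stanzas.setdefault(stripped[1:-1], {})
        elif current is not None and "=" in line:
            key, _, value = line.partition("=")  # split on the first '=' only
            current[key.strip()] = value.strip()
    return stanzas


def alerts_to_csv(text):
    """CSV text, one row per saved search with enableSched = 1 (assumed to be an alert)."""
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=["name"] + FIELDS, lineterminator="\n")
    writer.writeheader()
    for name, kv in parse_conf(text).items():
        if kv.get("enableSched") == "1":
            writer.writerow({"name": name, **{f: kv.get(f, "") for f in FIELDS}})
    return out.getvalue()
```

Multi-line searches stay in a single quoted CSV cell, so Excel shows each alert on one row.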

Release Notes

Version 1.0.0
June 6, 2019

Alerts to CSV app.
This app will read your savedsearches.conf file and convert the savedsearches (alerts) to a CSV file.

Install the app.
Select the app: Alerts to csv file

In the search bar enter: | exportalerts help
Don't forget the leading |

To see your savedsearches.conf files with your alerts:

| exportalerts list

To view your converted alerts:

| exportalerts <path>, where the <path> was found with the | exportalerts list command

Now save the search with the alerts visible as a REPORT.

Open the report and save as csv.

For complete help, enter this command from the Alerts to csv file app:

| exportalerts help

Don't forget the leading |

