Alerting
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Alert - Subject - Possible to add host name?

lain179
Communicator
‎01-11-2013 09:42 AM

Hi,

Is there is a way for me to put the host and server name in the subject line of the alert email? Is it possible at all?

I have created an alert searching for the keyword "Fatal error". The logs are generated from several host machines from a few different servers. How do I track which host and/or server the "Fatal error" is from?

The log line looks like this:

2013-01-08 07:34:49,949 ERROR: Fatal error for something something something <(PID)> ServerName

Host is one of the extracted fields.

Thanks!

Tags (2)
Reply
1 Solution
Solved! Jump to solution
Solution

the_wolverine
Champion
‎05-31-2016 11:27 AM

Looks like this can be done in version 6.1 and up by adding $result.host$ in the Subject field.

https://answers.splunk.com/answers/235240/include-hostname-in-alert-email-subject.html

View solution in original post

Reply
Solved! Jump to solution
Solution

the_wolverine
Champion
‎05-31-2016 11:27 AM

Looks like this can be done in version 6.1 and up by adding $result.host$ in the Subject field.

https://answers.splunk.com/answers/235240/include-hostname-in-alert-email-subject.html

Reply
Solved! Jump to solution

yannK
Splunk Employee
Splunk Employee
‎01-11-2013 04:06 PM

format your search results and add the required fields

<mysearch> | table _time host source _raw

0 Karma
Reply
Solved! Jump to solution

lain179
Communicator
‎01-16-2013 11:34 AM

I see. Thanks for confirming. That's what I thought too.

I have read through that documentation already and didn't look like those custom script parameters get me what I need ... unless there is one alert per host, which I am not going to do.

0 Karma
Reply
Solved! Jump to solution

yannK
Splunk Employee
Splunk Employee
‎01-14-2013 10:32 AM

My bad, it will add the host in the attached results included in the email, not in the email subject.

As far as I know there is no option to make the subject dynamic (it's static or populated with the search-name). The only way to go further is to use a custom alert script and manage yourself the email creation.
see http://docs.splunk.com/Documentation/Splunk/latest/Alert/Configuringscriptedalerts

0 Karma
Reply
Solved! Jump to solution

lain179
Communicator
‎01-14-2013 08:56 AM

Thank you for the response. I do not understand how that will add the host name in the subject line of an alert email.

0 Karma
Reply
Solved! Jump to solution

lain179
Communicator
‎01-11-2013 12:57 PM

Anyone ? ? ?

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Custom Visualizations App End of Life

The Splunk Custom Visualizations apps End of Life for SimpleXML will reach end of support on Dec 21, 2024, ...

Introducing Splunk Enterprise 9.2

WATCH HERE! Watch this Tech Talk to learn about the latest features and enhancements shipped in the new Splunk ...

Adoption of RUM and APM at Splunk

    Unleash the power of Splunk Observability   Watch Now In this can't miss Tech Talk! The Splunk Growth ...