Alerting
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Alert - Subject - Possible to add host name?

lain179
Communicator
‎01-11-2013 09:42 AM

Hi,

Is there is a way for me to put the host and server name in the subject line of the alert email? Is it possible at all?

I have created an alert searching for the keyword "Fatal error". The logs are generated from several host machines from a few different servers. How do I track which host and/or server the "Fatal error" is from?

The log line looks like this:

2013-01-08 07:34:49,949 ERROR: Fatal error for something something something <(PID)> ServerName

Host is one of the extracted fields.

Thanks!

Tags (2)
Reply
1 Solution
Solved! Jump to solution
Solution

the_wolverine
Champion
‎05-31-2016 11:27 AM

Looks like this can be done in version 6.1 and up by adding $result.host$ in the Subject field.

https://answers.splunk.com/answers/235240/include-hostname-in-alert-email-subject.html

View solution in original post

Reply
Solved! Jump to solution
Solution

the_wolverine
Champion
‎05-31-2016 11:27 AM

Looks like this can be done in version 6.1 and up by adding $result.host$ in the Subject field.

https://answers.splunk.com/answers/235240/include-hostname-in-alert-email-subject.html

Reply
Solved! Jump to solution

yannK
Splunk Employee
Splunk Employee
‎01-11-2013 04:06 PM

format your search results and add the required fields

<mysearch> | table _time host source _raw

0 Karma
Reply
Solved! Jump to solution

lain179
Communicator
‎01-16-2013 11:34 AM

I see. Thanks for confirming. That's what I thought too.

I have read through that documentation already and didn't look like those custom script parameters get me what I need ... unless there is one alert per host, which I am not going to do.

0 Karma
Reply
Solved! Jump to solution

yannK
Splunk Employee
Splunk Employee
‎01-14-2013 10:32 AM

My bad, it will add the host in the attached results included in the email, not in the email subject.

As far as I know there is no option to make the subject dynamic (it's static or populated with the search-name). The only way to go further is to use a custom alert script and manage yourself the email creation.
see http://docs.splunk.com/Documentation/Splunk/latest/Alert/Configuringscriptedalerts

0 Karma
Reply
Solved! Jump to solution

lain179
Communicator
‎01-14-2013 08:56 AM

Thank you for the response. I do not understand how that will add the host name in the subject line of an alert email.

0 Karma
Reply
Solved! Jump to solution

lain179
Communicator
‎01-11-2013 12:57 PM

Anyone ? ? ?

0 Karma
Reply
Get Updates on the Splunk Community!

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Wednesday, May 29, 2024  |  11AM PST / 2PM ESTRegister now and join us to learn more about how you can ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer at Splunk .conf24 ...

We’re excited to announce a new Splunk certification exam being released at .conf24! If you’re headed to Vegas ...

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...

Splunk Lantern is Splunk’s customer success center that provides advice from Splunk experts on valuable data ...