Alerting
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Alert - Subject - Possible to add host name?

lain179
Communicator
‎01-11-2013 09:42 AM

Hi,

Is there is a way for me to put the host and server name in the subject line of the alert email? Is it possible at all?

I have created an alert searching for the keyword "Fatal error". The logs are generated from several host machines from a few different servers. How do I track which host and/or server the "Fatal error" is from?

The log line looks like this:

2013-01-08 07:34:49,949 ERROR: Fatal error for something something something <(PID)> ServerName

Host is one of the extracted fields.

Thanks!

Tags (2)
Reply
1 Solution
Solved! Jump to solution
Solution

the_wolverine
Champion
‎05-31-2016 11:27 AM

Looks like this can be done in version 6.1 and up by adding $result.host$ in the Subject field.

https://answers.splunk.com/answers/235240/include-hostname-in-alert-email-subject.html

View solution in original post

Reply
Solved! Jump to solution
Solution

the_wolverine
Champion
‎05-31-2016 11:27 AM

Looks like this can be done in version 6.1 and up by adding $result.host$ in the Subject field.

https://answers.splunk.com/answers/235240/include-hostname-in-alert-email-subject.html

Reply
Solved! Jump to solution

yannK
Splunk Employee
Splunk Employee
‎01-11-2013 04:06 PM

format your search results and add the required fields

<mysearch> | table _time host source _raw

0 Karma
Reply
Solved! Jump to solution

lain179
Communicator
‎01-16-2013 11:34 AM

I see. Thanks for confirming. That's what I thought too.

I have read through that documentation already and didn't look like those custom script parameters get me what I need ... unless there is one alert per host, which I am not going to do.

0 Karma
Reply
Solved! Jump to solution

yannK
Splunk Employee
Splunk Employee
‎01-14-2013 10:32 AM

My bad, it will add the host in the attached results included in the email, not in the email subject.

As far as I know there is no option to make the subject dynamic (it's static or populated with the search-name). The only way to go further is to use a custom alert script and manage yourself the email creation.
see http://docs.splunk.com/Documentation/Splunk/latest/Alert/Configuringscriptedalerts

0 Karma
Reply
Solved! Jump to solution

lain179
Communicator
‎01-14-2013 08:56 AM

Thank you for the response. I do not understand how that will add the host name in the subject line of an alert email.

0 Karma
Reply
Solved! Jump to solution

lain179
Communicator
‎01-11-2013 12:57 PM

Anyone ? ? ?

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Register for .conf25!
Get Updates on the Splunk Community!

Observe and Secure All Apps with Splunk

 Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

What's New in Splunk Observability - August 2025

What's New We are excited to announce the latest enhancements to Splunk Observability Cloud as well as what is ...

Introduction to Splunk AI

How are you using AI in Splunk? Whether you see AI as a threat or opportunity, AI is here to stay. Lucky for ...