Alerting
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Alert - Subject - Possible to add host name?

lain179
Communicator
‎01-11-2013 09:42 AM

Hi,

Is there is a way for me to put the host and server name in the subject line of the alert email? Is it possible at all?

I have created an alert searching for the keyword "Fatal error". The logs are generated from several host machines from a few different servers. How do I track which host and/or server the "Fatal error" is from?

The log line looks like this:

2013-01-08 07:34:49,949 ERROR: Fatal error for something something something <(PID)> ServerName

Host is one of the extracted fields.

Thanks!

Tags (2)
Reply
1 Solution
Solved! Jump to solution
Solution

the_wolverine
Champion
‎05-31-2016 11:27 AM

Looks like this can be done in version 6.1 and up by adding $result.host$ in the Subject field.

https://answers.splunk.com/answers/235240/include-hostname-in-alert-email-subject.html

View solution in original post

Reply
Solved! Jump to solution
Solution

the_wolverine
Champion
‎05-31-2016 11:27 AM

Looks like this can be done in version 6.1 and up by adding $result.host$ in the Subject field.

https://answers.splunk.com/answers/235240/include-hostname-in-alert-email-subject.html

Reply
Solved! Jump to solution

yannK
Splunk Employee
Splunk Employee
‎01-11-2013 04:06 PM

format your search results and add the required fields

<mysearch> | table _time host source _raw

0 Karma
Reply
Solved! Jump to solution

lain179
Communicator
‎01-16-2013 11:34 AM

I see. Thanks for confirming. That's what I thought too.

I have read through that documentation already and didn't look like those custom script parameters get me what I need ... unless there is one alert per host, which I am not going to do.

0 Karma
Reply
Solved! Jump to solution

yannK
Splunk Employee
Splunk Employee
‎01-14-2013 10:32 AM

My bad, it will add the host in the attached results included in the email, not in the email subject.

As far as I know there is no option to make the subject dynamic (it's static or populated with the search-name). The only way to go further is to use a custom alert script and manage yourself the email creation.
see http://docs.splunk.com/Documentation/Splunk/latest/Alert/Configuringscriptedalerts

0 Karma
Reply
Solved! Jump to solution

lain179
Communicator
‎01-14-2013 08:56 AM

Thank you for the response. I do not understand how that will add the host name in the subject line of an alert email.

0 Karma
Reply
Solved! Jump to solution

lain179
Communicator
‎01-11-2013 12:57 PM

Anyone ? ? ?

0 Karma
Reply
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...