Alerting

Alert - Subject - Possible to add host name?

Communicator

Hi,

Is there is a way for me to put the host and server name in the subject line of the alert email? Is it possible at all?

I have created an alert searching for the keyword "Fatal error". The logs are generated from several host machines from a few different servers. How do I track which host and/or server the "Fatal error" is from?

The log line looks like this:

2013-01-08 07:34:49,949 ERROR: Fatal error for something something something <(PID)> ServerName

Host is one of the extracted fields.

Thanks!

Tags (2)
1 Solution

Champion

Looks like this can be done in version 6.1 and up by adding $result.host$ in the Subject field.

https://answers.splunk.com/answers/235240/include-hostname-in-alert-email-subject.html

View solution in original post

Champion

Looks like this can be done in version 6.1 and up by adding $result.host$ in the Subject field.

https://answers.splunk.com/answers/235240/include-hostname-in-alert-email-subject.html

View solution in original post

Splunk Employee
Splunk Employee

format your search results and add the required fields

<mysearch> | table _time host source _raw

0 Karma

Communicator

I see. Thanks for confirming. That's what I thought too.

I have read through that documentation already and didn't look like those custom script parameters get me what I need ... unless there is one alert per host, which I am not going to do.

0 Karma

Splunk Employee
Splunk Employee

My bad, it will add the host in the attached results included in the email, not in the email subject.

As far as I know there is no option to make the subject dynamic (it's static or populated with the search-name). The only way to go further is to use a custom alert script and manage yourself the email creation.
see http://docs.splunk.com/Documentation/Splunk/latest/Alert/Configuringscriptedalerts

0 Karma

Communicator

Thank you for the response. I do not understand how that will add the host name in the subject line of an alert email.

0 Karma

Communicator

Anyone ? ? ?

0 Karma