Solved: Can we add specific text in Alerts

xvxt006 · ‎04-23-2015

Hi,

We would like to add alert specific contextual information. is it possible to modify each alert to have custom text in there?

ChrisG · ‎04-23-2015

If you are using the alert to send an email, you can customize the email message with any text you want, as well as tokens to include variables from the search that generated the alert. See Set up alert actions > Email notification in the Alerting Manual.

View solution in original post

stephane_cyrill · ‎04-23-2015

You can create a contextual message for your alert and populate the event corresponding to the alert and the message in and index where you will go and retrieve them after.

to do that you have to buid your alert like this:

|Eval message= or < if(.......) > |table message otherfields|collect index youIndex

after setting your alert as you like where the alert will be triggered, you will have it in yourIndex with your message.

stephane_cyrill · ‎04-23-2015

feel free to vote and accept .....

ChrisG · ‎04-23-2015

If you are using the alert to send an email, you can customize the email message with any text you want, as well as tokens to include variables from the search that generated the alert. See Set up alert actions > Email notification in the Alerting Manual.

xvxt006 · ‎04-23-2015

Nice...Thank you..

stephanefotso · ‎04-23-2015

Only if you want to send an email message, you can add a message

SGF

Can we add specific text in Alerts

Now Available: Cisco Talos Threat Intelligence Integrations for Splunk Security Cloud ...

Preparing your Splunk Environment for OpenSSL3

Easily Improve Agent Saturation with the Splunk Add-on for OpenTelemetry Collector