Alerting
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Email Alert Subject

hjwang
Contributor
‎07-13-2012 01:37 AM

Dear Splunkers:

Is there any way to add extra search result field value to alert email subject? like host value
Thanks in advance!!

Tags (2)
Reply

rturk
Builder
‎07-13-2012 06:50 AM

From what I've read, it supports $name$ and the name of the saved search, and $seach$ as the search string itself.

You can configure scripted alerts as per as alert_actions.conf#Script_options, but you're constrained by these 8:

SPLUNK_ARG_0 Script name
SPLUNK_ARG_1 Number of events returned
SPLUNK_ARG_2 Search terms
SPLUNK_ARG_3 Fully qualified query string
SPLUNK_ARG_4 Name of saved search
SPLUNK_ARG_5 Trigger reason (for example, "The number of events was greater than 1")
SPLUNK_ARG_6 Browser URL to view the saved search
SPLUNK_ARG_8 File in which the results for this search are stored (contains raw results)

If you want to use hosts, then I think you're going to have to play around with custom scripted inputs.

Check this link out as well, which can point you in the right direction: http://splunk-base.splunk.com/answers/34570/how-to-add-custom-email-alert-content

0 Karma
Reply
Get Updates on the Splunk Community!

OpenTelemetry for Legacy Apps? Yes, You Can!

This article is a follow-up to my previous article posted on the OpenTelemetry Blog, "Your Critical Legacy App ...

UCC Framework: Discover Developer Toolkit for Building Technology Add-ons

The Next-Gen Toolkit for Splunk Technology Add-on Development The Universal Configuration Console (UCC) ...

.conf25 Community Recap

Hello Splunkers, And just like that, .conf25 is in the books! What an incredible few days — full of learning, ...