Alerting
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Email Alert Subject

hjwang
Contributor
‎07-13-2012 01:37 AM

Dear Splunkers:

Is there any way to add extra search result field value to alert email subject? like host value
Thanks in advance!!

Tags (2)
Reply

rturk
Builder
‎07-13-2012 06:50 AM

From what I've read, it supports $name$ and the name of the saved search, and $seach$ as the search string itself.

You can configure scripted alerts as per as alert_actions.conf#Script_options, but you're constrained by these 8:

SPLUNK_ARG_0 Script name
SPLUNK_ARG_1 Number of events returned
SPLUNK_ARG_2 Search terms
SPLUNK_ARG_3 Fully qualified query string
SPLUNK_ARG_4 Name of saved search
SPLUNK_ARG_5 Trigger reason (for example, "The number of events was greater than 1")
SPLUNK_ARG_6 Browser URL to view the saved search
SPLUNK_ARG_8 File in which the results for this search are stored (contains raw results)

If you want to use hosts, then I think you're going to have to play around with custom scripted inputs.

Check this link out as well, which can point you in the right direction: http://splunk-base.splunk.com/answers/34570/how-to-add-custom-email-alert-content

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Register for .conf25!
Get Updates on the Splunk Community!

.conf25 Global Broadcast: Don’t Miss a Moment

Hello Splunkers, .conf25 is only a click away.  Not able to make it to .conf25 in person? No worries, you can ...

Observe and Secure All Apps with Splunk

 Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

What's New in Splunk Observability - August 2025

What's New We are excited to announce the latest enhancements to Splunk Observability Cloud as well as what is ...