Alerting
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How do I display results of a Splunk alert before the message content?

flufy999
New Member
‎03-14-2017 08:37 AM

I have an alert that has message content to be sent in an email:

e.g.

Message

Message info here returned about the alert

When the alert triggers the message info is returned followed by the alert.

How do i get the alert info to be returned and the message info (in the message box) to be displayed please?

So

alert 1 results

followed by message info

not:

message

followed by an alert

0 Karma
Reply

cmerriman
Super Champion
‎03-15-2017 05:14 AM

I think one of the only things you can do is to just add a token into your message body that adds more information about the alert (like $result.fieldname$), but it wouldn't really be swapping them around.
http://docs.splunk.com/Documentation/Splunk/6.5.2/Alert/EmailNotificationTokens

0 Karma
Reply
Get Updates on the Splunk Community!

September Community Champions: A Shoutout to Our Contributors!

As we close the books on another fantastic month, we want to take a moment to celebrate the people who are the ...

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...

What’s New in Splunk Observability – September 2025

What's NewWe are excited to announce the latest enhancements to Splunk Observability, designed to help ITOps ...