Alerting

How do I list fields vertically in an email alert?

MonkeyK
Builder

One problem that I have with alerting from Splunk is that when I alert by email, total width of the table can exceed what the recipient can handle lookin at.  I'd like to start transposing my result table to address this.

 

That is, I'd like to go from sending alerted results like this

timefield1field2field 3
5/31/2022value1value2really long value 3, so long that it creates a formatting problem. Oh noes! What will I do?

To something more like this:

Time: 5/31/2022

field1: value1

field2: values2

field3: really long value 3, so long that it creates a formatting problem. Oh noes! What will I do?

 

I know that I could create a field name called "alert fields" and manually create the fields, but is there a simple way to do this in Splunk

Labels (1)
0 Karma
1 Solution

DanielPriceUK
Path Finder

DanielPriceUK
Path Finder

| transpose

Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...