Alerting
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How do you properly format Splunk email alerts?

samsam48
Explorer
‎09-06-2018 07:21 AM

I'm new to Splunk, and I'm having a hard time understanding how to properly format Splunk Email Alerts. I understand that we're able to pull information from the search results to include in the email body (like a field name with: $result.fieldName$). However, this is limited to the first value of the first row of results.

What if we had 100 events from the query, and we wanted to display the values of field_A that correspond to N number of events that have another field field_B = some_field_value.

The documentation doesn't seem to discuss anything more complex than pulling out single values, and it's making it difficult to build an email alert that provides charts of diagnostic information.

Any help or useful resources to look at would be appreciated. Thanks.

0 Karma
Reply

renjith_nair
Legend
‎09-06-2018 07:36 AM

Hi @samsam48,

By $result.fieldName$ you are referring to the message field. If you want to put the entire result in the email content, you can use the Include option - the 7th option mentioned in the following documentation

http://docs.splunk.com/Documentation/Splunk/7.1.2/Alert/Emailnotification#Define_an_email_notificati...

Also you could opt to just add the link to the results or add as a PDF/csv attachments.

Hope that helps for your requirement

---
What goes around comes around. If it helps, hit it with Karma 🙂
Reply
Get Updates on the Splunk Community!

Accelerating Observability as Code with the Splunk AI Assistant

We’ve seen in previous posts what Observability as Code (OaC) is and how it’s now essential for managing ...

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

 Splunk is More Than Just the Web Console For Digital Forensics and Incident Response (DFIR) practitioners, ...

Congratulations to the 2025-2026 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...