Solved: How to configure alert to send only one email cont...

packet_hunter · ‎12-08-2016

So I have an alert that fires 5 emails, one email per value.

For example, I have an alert based on a report that provides 5 field values. Currently I receive a 5 emails, one for each field. I would like just one email containing all the fields and values. The following are the fields.

Alert Occurred
Alert name
Appliance
MD5
Attachment

I have selected (in the alert):
Number of Results is greater than 0
Trigger for each result (I think this is the problem)
Send email
include Inline Table, attach PDF

The PDF contains all the fields/values I would like.

Does anyone know how to reconfigure my alert to just one email?

Thank you

somesoni2 · ‎12-08-2016

Did you select "Once" OR "For each result" under "Alert options" section (in UI, below Enable Actions section). YOu should be selecting "Once" for single email per alert execution.

View solution in original post

somesoni2 · ‎12-08-2016

Did you select "Once" OR "For each result" under "Alert options" section (in UI, below Enable Actions section). YOu should be selecting "Once" for single email per alert execution.

packet_hunter · ‎12-08-2016

that works!!! Thank you - please convert to an answer.

somesoni2 · ‎12-08-2016

here you go.

How to configure alert to send only one email containing all field values rather than an email per field value?

Introducing the Splunk Community Dashboard Challenge!

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer Certification at ...