Alerting

How to hidden a certain fields value in an Inline table in email alert?

phamxuantung
Communicator

Hello,

My alert produces a table like this:

 

Time   |ID | FILE_NAME |STATUS
_time1 |3  |file1.csv  |SUCCESS
_time2 |5  |file2.csv  |DATA_ERROR

 

 

I want to send an Inline table that only contains STATUS=DATA_ERROR. But in the body of the email, I still want to use the token $result.Time$ and $result.FILE_NAME$ from the STATUS=SUCCESS.
Email body example:

1. File name success detail:

File name: file1.csv
Effective time: _time1

2. Data error detail:

ID |FILE_NAME|STATUS

5  |file2.scv        |DATA_ERROR

So it's basically, hide the STATUS=SUCCESS row- but still use its values in the token email.

Thank you in advance

Labels (2)
0 Karma
Get Updates on the Splunk Community!

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

🍂 Fall into November with a fresh lineup of Community Office Hours, Tech Talks, and Webinars we’ve ...

Transform your security operations with Splunk Enterprise Security

Hi Splunk Community, Splunk Platform has set a great foundation for your security operations. With the ...

Splunk Admins and App Developers | Earn a $35 gift card!

Splunk, in collaboration with ESG (Enterprise Strategy Group) by TechTarget, is excited to announce a ...