Alerting
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to mask a URL in a Splunk alert email body

rashi83
Path Finder
‎11-18-2019 09:22 AM

I am providing a search string in an alert email body.
I want to mask this search string instead of showing the contents of it.

How can we do it?

0 Karma
Reply

to4kawa
Ultra Champion
‎11-18-2019 11:55 AM 
index=_internal source=license_usage.log type="Usage" idx=""
|stats sum(b) as vol by idx 
| eval gb=round(vol/1073741824,2)
| where gb>=0.3
| eval your_desire_url="https://splunk.google.com/licensedashboard?form.field1.earliest=%40d&form.field1.latest=now&form.ix=".$idx$."&form.hst=*&form.ste=*&form.sc=*&form.index=*"

$result.your_desire_url$ in email body

0 Karma
Reply

rashi83
Path Finder
‎11-18-2019 12:54 PM

I am still getting the entire URL in the email .

This is still coming in email - https://splunk.google.com/licensedashboard?form.field1.earliest=%40d&form.field1.latest=now&form.ix=...

0 Karma
Reply

to4kawa
Ultra Champion
‎11-19-2019 03:09 AM

$result.your_desire_url$ works fine.
but $idx$ does not work.
Is there any problem with the eval result of a normal search?

0 Karma
Reply

to4kawa
Ultra Champion
‎11-18-2019 09:35 AM

Email notification
Hi, Uncheck Search String

0 Karma
Reply

rashi83
Path Finder
‎11-18-2019 10:24 AM

this doesn't solve the problem. Now the search string is just coming as "

0 Karma
Reply

to4kawa
Ultra Champion
‎11-18-2019 11:28 AM

Please provide an example of the email text.

0 Karma
Reply

rashi83
Path Finder
‎11-18-2019 11:44 AM

This is my alert search string : index=_internal source=license_usage.log type="Usage" idx=""
|stats sum(b) as vol by idx | eval gb=round(vol/1073741824,2)
|where gb>=0.3

This I want it in email body : The alert condition for '$name$' was triggered.

https://splunk.google.com/licensedashboard?form.field1.earliest=%40d&form.field1.latest=now&form.ix=...

Last URL I want to mask it and call it as Splunk Index or something instead of showing its contents.

0 Karma
Reply
Get Updates on the Splunk Community!

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...