Alerting
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Plain Text Email options

diegosainz
Path Finder
‎11-15-2012 09:44 AM

I would like to modify the plain text email option to remove the _raw and the dashes from the top of the email. Is there a simple way to make that modification?

Tags (3)
0 Karma
Reply

itinney
Path Finder
‎11-15-2012 10:38 AM

The inclusion of the _raw field is down to the search itself, so you can have it excluded by using the fields command, i.e.

sourcetype=blah | fields - _raw

or to exclude all hidden fields

sourcetype=blah | fields - _*

If you really only need specific fields, then use the table command to specify which fields you want displayed,
i.e.

sourcetype=blah | table source, sourcetype, host, index

The dashes at the top underline the header row, do you not want any column headings? Without the _raw field you will only have a table of fields and the header row is surely useful?

Reply

itinney
Path Finder
‎11-15-2012 12:37 PM

It might help to include your search, but I would guess that the search just needs to have the following added to the end of it:
... | fields - _raw

Reply

diegosainz
Path Finder
‎11-15-2012 11:31 AM

Thanks for the quick response. I am looking to have the email sent to an automated ticketing system and would like just the field data in there. I have removed all but the _raw field and do not have a table in the plain test. The dashes themselves are more cosmetic for removal.

Reply
Get Updates on the Splunk Community!

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI!Discover how Splunk’s agentic AI ...

🔐 Trust at Every Hop: How mTLS in Splunk Enterprise 10.0 Makes Security Simpler

From Idea to Implementation: Why Splunk Built mTLS into Splunk Enterprise 10.0  mTLS wasn’t just a checkbox ...