Alerting

Send same email alert to different email ids based on a condition

architkhanna
Path Finder

hello,

I have a saved search that triggers an alert in the form of an email.
I want that alert to be sent to different email id's based on a condition.

For example, I have 7 applications values in the search result and each application has an application owner.
When the threshold value is reached for SLA  suppose, for a given application, only that application owner must be sent email to.

Looking for inputs.
TIA.

Labels (4)
0 Karma

ayush1906
Path Finder

Hi @impurush 

This seems to works.

1) For use in token in email header or body, create a version of the field you want with an underscore as a prefix (e.g., | eval _fieldA = fieldA). You will use this field in the token -- e.g., $result._fieldA$.
2) Use 'fields' command instead of 'table' command. (I thought I had to use 'table' command to order the fields as I wanted in the email output. But 'fields' seems to work for that purpose as well.) Be sure to include the underscore-prefixed version of the field you want (e.g., "_fieldA") to use as token. (I just put it at the end.) Because it is prefixed with underscore, it won't show up in email table output.

 

credits: wryanthomas

source: https://community.splunk.com/t5/Alerting/I-am-sending-a-table-in-mail-as-an-alert-but-I-want-to-hide... 

impurush
Contributor

@ayush1906 Awesome, thank you so much. I have been trying to overcome this scenario for the last three days. It is working perfectly and as expected.

0 Karma

ayush1906
Path Finder

😊

0 Karma

ayush1906
Path Finder

hi, 

get the email id as a column in result lets say email, and in the TO field of alert pass it as a token   "  $result.email$  "

 

The same can be achieved in search using sendemail in search.

 

ayush1906_0-1603279766429.png

 

cheers!



0 Karma

impurush
Contributor

@ayush1906 In this case, the email id values also will be present in the result email. But is there any way to send an email without a present in the result email?

The resulting email contains the below columns based on your suggestions.
Col A   Col B  email

But, I am trying to get the result email like below
Col A Col B

Thanks in advance.

0 Karma
Get Updates on the Splunk Community!

Splunk Smartness with Brandon Sternfield | Episode 3

Hello and welcome to another episode of "Splunk Smartness," the interview series where we explore the power of ...

Monitoring Postgres with OpenTelemetry

Behind every business-critical application, you’ll find databases. These behind-the-scenes stores power ...

Mastering Synthetic Browser Testing: Pro Tips to Keep Your Web App Running Smoothly

To start, if you're new to synthetic monitoring, I recommend exploring this synthetic monitoring overview. In ...