Alerting

Splunk Alert to Slack: Is it possible to have a certain table column (field) passed to the Slack alert as an array?

vincentgoh98
Hi there, I am trying to build a Splunk alert with Slack, to pass a table column of values as an array of values, e.g.

Result Table
===========
Field1  Field2
A1      B1
A2      B2

Expected Alert Message
===========
Field1 : ["A1", "A2"]

I am currently referencing the following documentation, with the result token $result.Field1$. However, it shows only the value on the 1st row, i.e. Field1 : A1. I wonder whether it is possible to have the alert message done with an array of values instead? Thanks in advance!

https://docs.splunk.com/Documentation/Splunk/8.2.1/Alert/EmailNotificationTokens 

https://github.com/splunk/slack-alerts/issues/30 
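
One way to get the expected message with the single `$result.Field1$` token, as an added example that is not part of the original post: because the token carries only the first result row, collapse the column into one row inside the alert search. The first three lines only construct the sample table from the question (in a real alert they are replaced by the base search); `stats list()` gathers the column into one multivalue field and `mvjoin()` renders it as the bracketed, quoted string.

```spl
| makeresults count=2
| streamstats count AS n
| eval Field1="A".n, Field2="B".n
| table Field1 Field2
| stats list(Field1) AS Field1
| eval Field1="[\"" . mvjoin(Field1, "\", \"") . "\"]"
```

The search returns one row whose `Field1` is `["A1", "A2"]`, so a Slack message of `Field1 : $result.Field1$` matches the expected output. `list()` keeps duplicates and row order; `values()` can be used instead when unique, sorted values are wanted.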
