Alerting
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Splunk alert mails and its content

Deepz2612
Explorer
‎03-22-2019 01:16 AM

Hi,

Is there a way to get the list of Splunk alert mails being sent and the mail body content pls.

Tags (1)
0 Karma
Reply

whrg
Motivator
‎03-22-2019 01:54 AM

Hello @Deepz2612,

I use the following Splunk search for listing all triggered email alerts:

index=_audit source=audittrail sourcetype=audittrail alert_actions=email
| eval _time=trigger_time
| rename ss_name as Alert severity as Severity triggered_alerts as Count
| eval Severity=case(Severity==1,"Info",Severity==2,"Low",Severity==3,"Medium",Severity==4,"High",Severity==5,"Critical")
| table _time,Alert,Severity,Count | sort -_time

About the mail body content: I don't think that Splunk logs the mail body. I could not find it anywhere in the internal indexes. I would suggest that you send your alerts to an additional email address for logging purposes. (You can specify multiple email addresses separated by commas in the alert's settings.)

0 Karma
Reply
Get Updates on the Splunk Community!

AI for AppInspect

We’re excited to announce two new updates to AppInspect designed to save you time and make the app approval ...

App Platform's 2025 Year in Review: A Year of Innovation, Growth, and Community

As we step into 2026, it’s the perfect moment to reflect on what an extraordinary year 2025 was for the Splunk ...

Operationalizing Entity Risk Score with Enterprise Security 8.3+

Overview Enterprise Security 8.3 introduces a powerful new feature called “Entity Risk Scoring” (ERS) for ...