Alerting

action.email.message.alert value starting with a number

mghori
New Member

I am trying to modify savedsearches.conf, and I wish to have the action.email.message.alert setting value be of multiple lines. This will be contained in the email body, and will inform the alert receiver on actions to perform. I am running into an issue, as described below.

Currently I have this configured as below:

action.email.message.alert setting = some text \
additional text \
1. bullet point 1 \
2. bullet point 2 \

What I am seeing is that the alert message body is omitting any lines that start with a number, so in the above example the bullet points 1 and 2 are being omitted. Is this expected? Can lines not start with a number in the value for action.email.message.alert setting?

1 Solution

jawaharas
Motivator

Interesting!

I can't reproduce the issue. Can you try to edit the email body content from the GUI?

The config below worked for me:

action.email = 1
action.email.inline = 1
action.email.message.alert = The alert condition for '$name$' was triggered.\
\
1. Line one\
2. Line two
action.email.sendresults = 1
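
An added example, not part of the original posts and not Splunk's own code: a small Python check for hand-edited files that lists which physical lines belong to a multi-line value and which fall outside any setting. It assumes a backslash continues a value only when it is the last character on the line; `check_conf`, `KEY_RE` and the `[My Alert]` sample with its backslash-plus-space slip are constructed for illustration and are not a diagnosis of the poster's file.

```python
import re

# Constructed sample modelled on the configs in this thread. Line 4 ends with
# "\ " (backslash then a space), a hand-editing slip invented for this demo.
SAMPLE = (
    "[My Alert]\n"
    "action.email = 1\n"
    "action.email.message.alert = some text \\\n"
    "additional text \\ \n"
    "1. bullet point 1 \\\n"
    "2. bullet point 2\n"
    "action.email.sendresults = 1\n"
)

# "key = value" line; keys are assumed to start with a letter or underscore.
KEY_RE = re.compile(r"^\s*([A-Za-z_][\w.\-]*)\s*=\s?(.*)$")


def check_conf(text):
    """Return (values, orphans): joined multi-line values and stray lines.

    Assumption: a backslash continues the value only when it is the very
    last character of the physical line.
    """
    values, orphans = {}, []
    open_key = None  # key whose value continues onto the current line
    for no, raw in enumerate(text.splitlines(), 1):
        continued = raw.endswith("\\")
        body = raw[:-1] if continued else raw
        if open_key:
            values[open_key].append(body)
        else:
            m = KEY_RE.match(body)
            if m:
                open_key = m.group(1)
                values[open_key] = [m.group(2)]
            elif body.strip() and not body.lstrip().startswith(("[", "#")):
                orphans.append((no, raw))  # text that belongs to no setting
        if not continued:
            open_key = None
    return {k: "\n".join(v) for k, v in values.items()}, orphans


if __name__ == "__main__":
    values, orphans = check_conf(SAMPLE)
    print(repr(values["action.email.message.alert"]))
    for no, raw in orphans:
        print(f"line {no} is outside any setting: {raw!r}")
```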


mghori
New Member

Unfortunately I can't modify this using the GUI due to company policies. But thanks for confirming that bullet points with numbers should work fine!


jawaharas
Motivator

@mghori
Cool. Can you accept the answer if it helped you? Thanks.
