Solved: action.email.message.alert value starting with a n...

mghori · ‎08-14-2019

I am trying to modify savedsearches.conf, and I wish to have the action.email.message.alert setting value be of multiple lines. This will be contained in the email body, and will inform the alert receiver on actions to perform. I am running into an issue as described below

Currently I have this configured as below

action.email.message.alert setting = some text \
additional text \
1. bullet point 1 \
2. bullet point 2 \

What I am seeing is that the alert message body is omitting any lines that start with a number, so in the above example the bullet points 1 and 2 are being omitted. Is this expected? Can lines not start with a number in the value for action.email.message.alert setting?

jawaharas · ‎08-14-2019

Interesting!

I can't reproduce the issue. Can you try to edit the email body content from GUI?

Below config worked for me:

action.email = 1
action.email.inline = 1
action.email.message.alert = The alert condition for '$name$' was triggered.\
\
1. Line one\
2. Line two
action.email.sendresults = 1

View solution in original post

mghori · ‎08-19-2019

Unfortunately I can't modify this using GUI due to company policies. But thanks for confirming that bullet points with numbers should work fine!

jawaharas · ‎08-14-2019

Interesting!

I can't reproduce the issue. Can you try to edit the email body content from GUI?

Below config worked for me:

action.email = 1
action.email.inline = 1
action.email.message.alert = The alert condition for '$name$' was triggered.\
\
1. Line one\
2. Line two
action.email.sendresults = 1

jawaharas · ‎08-19-2019

@mghori
Cool. Can you accept the answer if it helped you? Thanks.

action.email.message.alert value starting with a number

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!