Alerting
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

action.email.message.alert value starting with a number

mghori
New Member
‎08-14-2019 08:16 AM

I am trying to modify savedsearches.conf, and I wish to have the action.email.message.alert setting value be of multiple lines. This will be contained in the email body, and will inform the alert receiver on actions to perform. I am running into an issue as described below

Currently I have this configured as below

action.email.message.alert setting = some text \
additional text \
1. bullet point 1 \
2. bullet point 2 \

What I am seeing is that the alert message body is omitting any lines that start with a number, so in the above example the bullet points 1 and 2 are being omitted. Is this expected? Can lines not start with a number in the value for action.email.message.alert setting?

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

jawaharas
Motivator
‎08-14-2019 08:13 PM

Interesting!

I can't reproduce the issue. Can you try to edit the email body content from GUI?

Below config worked for me:

action.email = 1
action.email.inline = 1
action.email.message.alert = The alert condition for '$name$' was triggered.\
\
1. Line one\
2. Line two
action.email.sendresults = 1

View solution in original post

0 Karma
Reply
Solved! Jump to solution

mghori
New Member
‎08-19-2019 08:06 AM

Unfortunately I can't modify this using GUI due to company policies. But thanks for confirming that bullet points with numbers should work fine!

0 Karma
Reply
Solved! Jump to solution
Solution

jawaharas
Motivator
‎08-14-2019 08:13 PM

Interesting!

I can't reproduce the issue. Can you try to edit the email body content from GUI?

Below config worked for me:

action.email = 1
action.email.inline = 1
action.email.message.alert = The alert condition for '$name$' was triggered.\
\
1. Line one\
2. Line two
action.email.sendresults = 1
0 Karma
Reply
Solved! Jump to solution

jawaharas
Motivator
‎08-19-2019 02:54 PM

@mghori
Cool. Can you accept the answer if it helped you? Thanks.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...

What’s New in Splunk Observability – September 2025

What's NewWe are excited to announce the latest enhancements to Splunk Observability, designed to help ITOps ...

Fun with Regular Expression - multiples of nine

Fun with Regular Expression - multiples of nineThis challenge was first posted on Slack #regex channel ...