Solved: Alert Manager App

davidda · ‎02-21-2017

Hello,
What are the variables I can use the display_fields cell under the incident setting tab?
Also, there is a way to make the Alert description more readable it is ignoring my description structure and present it in a single row.

Thanks

Simon · ‎02-22-2017

Hi
display_fields contains a space-delimited list of field names. The field names are used to pick fields from the results of the alert and will be shown in the incident posture dashboard when you expand an incident by clicking the icon at the beginning of a row:

In my exmple, I added 'user' to display_fields, which is a field in the results triggering the alert.
Larger screenshot: https://img42.com/a7nfO

Regarding the description: What do you mean exactly with description?

View solution in original post

Simon · ‎02-22-2017

Hi
display_fields contains a space-delimited list of field names. The field names are used to pick fields from the results of the alert and will be shown in the incident posture dashboard when you expand an incident by clicking the icon at the beginning of a row:

In my exmple, I added 'user' to display_fields, which is a field in the results triggering the alert.
Larger screenshot: https://img42.com/a7nfO

Regarding the description: What do you mean exactly with description?

davidda · ‎02-22-2017

Hi Simon,
Thank you for the quick answer, I've understood now how to use the display_fields.
About the description I would like to be able to see it as an email content, for example:

Description:
1. Test
2. Test

And not

Description: 1.Test 2.Test

Thank you.

davidda · ‎02-26-2017

I've found how to fix the description as I wanted using HTML Tags.

Alert Manager App

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!

Splunk Custom Visualizations App End of Life