All Apps and Add-ons

Alert Manager: How to assign a certain incident to an owner based on the results of a search?

New Member

Hello

I am trying to assign certain incident to an owner based on the results of a search. Is this possible? If not, is it possible to parse the value to a tag value?

Thanks

0 Karma
1 Solution

Contributor

That should be possible when you put

$result.field_from_your_search$

in the "Owner" field of the alert action settings, so something like this:

alt text

Note: If there are multiple results, Splunk uses the value from the first row.

View solution in original post

0 Karma

Contributor

That should be possible when you put

$result.field_from_your_search$

in the "Owner" field of the alert action settings, so something like this:

alt text

Note: If there are multiple results, Splunk uses the value from the first row.

View solution in original post

0 Karma

New Member

Thanks

works great.

0 Karma
State of Splunk Careers

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!