All Apps and Add-ons

HipChat Room Notification Alert: How to get all the results of an alert email to also appear in HipChat and other custom alerts?

burwell
SplunkTrust
SplunkTrust

We have an alert that returns a set of errors by error type:

index=foo ... | stats count as count_errors by myfield | sort - count_errors | where count_errors > 0

This will produce

myfield        count
errortype1     45
errortype2     33
errortype3     10

We can get this table emailed to use using line and table.

For custom actions, e.g. HipChat, I can only see to get one value for the first one by referencing $result.myfield$

How can we get all the results that email would see to also appear in HipChat or other custom alerts?

0 Karma
1 Solution

starcher
SplunkTrust
SplunkTrust

Try changing the alert mode of the search in Searches, Reports and Alerts, from Once per Search to Once per Result

View solution in original post

starcher
SplunkTrust
SplunkTrust

Try changing the alert mode of the search in Searches, Reports and Alerts, from Once per Search to Once per Result

burwell
SplunkTrust
SplunkTrust

Hmm. Wouldn't that cause two different alerts? I guess I can try and let you know.

0 Karma

burwell
SplunkTrust
SplunkTrust

Yes I got two separate alerts back to back. At least I can see the info. Thanks.

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...