How to get the URL of the alert that triggered

vrmandadi · ‎07-30-2018

Hello ,

I have created an alert which when triggered sends events to service now,the alerts sends a type.severity,node etc fields.How can I include the URL of the alert triggered in a field called additional_info similar to the view results in splunk in alert actions which will redirect to the same search than trigerred the alert

Below is the search I ran

index=main sourcetype="aws:cloudtrail" eventName=ConsoleLogin additionalEventData.MFAUsed=No
| eval time=strftime(_time,"%d/%m/%Y %H:%M:%S")
| eval node=recipientAccountId
| eval resource="AWS Console LogIn"
| eval type="Console LogIn without MFA"
| eval severity=1
| eval description="Logged into AWS console without MFA" . " AWSAccount: " . recipientAccountId . " Source IP: ". sourceIPAddress." on ". time
| table node resource type severity description
| eval splunk="https://splunk.zzz.com/en-US/app/search/search?q=search%20index%3Dmain%20sourcetype%3D%22aws%3Acloud..."

| addinfo
| strcat splunk info_sid additional_info
| table node resource type severity description additional_info
| snoweventstream

How to get the URL of the alert that triggered

How will you .conf21? You decide! Go in-person in Las Vegas, 10/18-10/21, or go online with .conf21 Virtual, 10/19-10/20. Learn More or Register Now >

How will you .conf21? You decide! Go in-person in Las Vegas, 10/18-10/21, or go online with .conf21 Virtual, 10/19-10/20.

Learn More or Register Now >