Dashboards & Visualizations

How to combine results of two alerts into one email?

michaelsplunk1
Path Finder

Hello!

We currently have two separate alerts. One that prints a list of devices and another that prints a list of records related to those devices (I used the map command to iterate over the list of devices to print the list of records for each device).

So currently we get two emails, one right after the other. The first has the list of devices and the second has the records for those devices.

Is there a way to print the list of devices and the list of all their records right below in a single email?

Labels (1)
Tags (3)
0 Karma

ITWhisperer
SplunkTrust
SplunkTrust

This is not possible. You could try creating a single search which combines both your current searches.

0 Karma
Get Updates on the Splunk Community!

Splunk Forwarders and Forced Time Based Load Balancing

Splunk customers use universal forwarders to collect and send data to Splunk. A universal forwarder can send ...

NEW! Log Views in Splunk Observability Dashboards Gives Context From a Single Page

Today, Splunk Observability releases log views, a new feature for users to add their logs data from Splunk Log ...

Last Chance to Submit Your Paper For BSides Splunk - Deadline is August 12th!

Hello everyone! Don't wait to submit - The deadline is August 12th! We have truly missed the community so ...