Getting Data In

How to Declare ENV Variable in Alert

Naa_Win
Path Finder

Hello,

I'm trying to create an alert in DEV Environment to include "DEV" with subject something like 

Splunk Alert:  DEV - MyAlert

I can't hardcore this since we deploy the same alert to PROD through GIT and we can't make corrections to the code. 

So I'm looking something (Splunk Alert:  $env$- $name$) if there is way to implement this. 

My splunk cloud urls
DEV : xydev.splunkcloud.com
PROD : xyprod.splunkcloud.com

Labels (1)
Tags (2)
0 Karma

PickleRick
SplunkTrust
SplunkTrust

1. You posted it in "Geting data in" section which deals with... well, getting data into Splunk. But you're talking about alerts. Do you want to ingest alerts into Splunk or are you talking about something else?

2. If by any chance you're talking about triggering alerts withing Splunk by means of saved search and alert actions - are you talking about custom alert action or just a standard action (which one?) just triggered on different environments?

0 Karma

Naa_Win
Path Finder

Apologies, didn't realized it got posted in "Getting Data in".

Well, I have a data already in Splunk and trying to create a custom alert to trigger an email to DL, when the condition met. But I don't have an env field in either DEV & PROD data. When I create alert with subject DEV $name$. the admin team deploying the same code to PROD saying that they wanted to keep the same code across all env. 

I'm getting the alert as "DEV myAlert" in PROD. So checking if there is a way to implement this just by including the token ?? 

0 Karma

PickleRick
SplunkTrust
SplunkTrust

https://docs.splunk.com/Documentation/Splunk/9.2.0/Alert/EmailNotificationTokens

Here you have what tokens you can use. I assume you want the same saved search config on both environments so result-based tokens are also a no-no. So you're limited to $server.serverName$ I think

0 Karma
Get Updates on the Splunk Community!

Splunk Enterprise Security 8.0.2 Availability: On cloud and On-premise!

A few months ago, we released Splunk Enterprise Security 8.0 for our cloud customers. Today, we are excited to ...

Logs to Metrics

Logs and Metrics Logs are generally unstructured text or structured events emitted by applications and written ...

Developer Spotlight with Paul Stout

Welcome to our very first developer spotlight release series where we'll feature some awesome Splunk ...