Pretty new to Splunk and looking for advice.
I’ve tried reviewing subsearches, map and foreach looping but I just can’t crack the syntax.
I have two indexes, one that stores computer hostname, IP, and a tag for a contact email.
The other index is scan data regarding missing patches by IP.
So you mean you want to create an alert that sends out an email to an email address that was found in the events.
Interesting approach, not sure if it works, but you could set the alert trigger conditions to "for each event" and try to set a "send email" alert action.
You could then try to write the following in the email field: