Can you modify/create a Splunk action (e.g. send email) to produce an email alert in a more "business user" friendly way?
In my example there is a service that will log an error and we have a created an alert that gets sent to a business team (non IT) to inform them that an action is required due to the error
Currently we use a standard email alert, "send email", and generate the content of the email in a table format:
In most cases this is fine, but we have a requirement to make the email alerts more readable and business friendly, include company logo and a footer.
Is this possible in Splunk?
Ideally we would want to construct the email alert using fields from the error and then make it look pretty 🙂
You can try including the text you want into the Email footer under settings -> Server settings (in 'SYSTEM' section) -> Email settings which would look like this.
settings -> Server settings (in 'SYSTEM' section) -> Email settings