Solved: combining alerts into one daily email report

vincenp2 · ‎05-07-2019

I want to generate one daily email showing ALL DMC alerts that have been produced in the last 12 or 24 hours, and wondered if it is possible?

alerts are generated individually for each of the 8 main DMC alerts, and we currently receive individual emails for these.
I would like to be presented with one email at the start of the day showing me alerts which have been reported out in the last 12 or 24hrs

thanks

DavidHourani · ‎05-07-2019

Hi @vincenp2,

Sure, it's pretty easy, have a look in your internal logs for your scheduled searches something like index=_internal sourcetype=scheduler should do the trick. From there pick out the searches you want to monitor and then simply add that to your search and make a daily schedule.

Let me know if that helps.

Cheers,
David

View solution in original post

DavidHourani · ‎05-07-2019

Hi @vincenp2,

Sure, it's pretty easy, have a look in your internal logs for your scheduled searches something like index=_internal sourcetype=scheduler should do the trick. From there pick out the searches you want to monitor and then simply add that to your search and make a daily schedule.

Let me know if that helps.

Cheers,
David

combining alerts into one daily email report

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!

Splunk Custom Visualizations App End of Life