Splunk AppDynamics
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to include current, baseline, threshold values in HTML Body event message in Email Template

CommunityUser
Splunk Employee
Splunk Employee
‎07-25-2018 12:25 AM

Hello,

We have to change the email template body message to below, we are able to print Time Stamp, Alert Type, Event message but we are unable to get Current, Baseline and Threshold value to print separatly.

--------------------------------------------------------------------------------------------------------------

Used below for Time Stamp, Alert Type and Message

Time Stamp: ${action.triggerTime}:

Alert Type: ${latestEvent.healthRule.name}
For Application ${latestEvent.application.name}  Current ${latestEvent.healthRule.name} has breached the baseline value for last 10/20 mins.

Current Value - <$xxxx>

Baseline Value - <$xxxxx>

Threshold (3 Std Deviations) - <$xxxx>

--------------------------------------------------------------------------------------------------------------

Output:

Time Stamp - Tue Jul 24 12:42:10 IST 2018:

Alert Type - Average Response Time

For Application ABC_XYZ_Prod  Current Average Response Time 7754.0 has breached the baseline value for last 10/20 mins.

 

Current Value - 7754.0 <Unable to print>

Baseline Value - 337.0 <Unable to print>

Threshold (3 Std Deviations) - 517.4 <Unable to print>

--------------------------------------------------------------------------------------------------------------

Please suggest

Thanks,

kalyan

Labels (3)
Capture.PNG
Preview file
30 KB
Reply

SERDAR_KULHANCI
Engager
‎10-04-2018 11:58 PM

+1

0 Karma
Reply

Rugved_Sarode
Explorer
‎03-27-2019 03:06 PM

Hello,

There is already an enhancement to further expose values under eventMessage variables such as condition, violating values etc.

Currently, eventMessage is the only option which is a long string.

You can use split / regex on a string as in the usual java context.

Example-

#set ($summary = ${latestEvent.summaryMessage})
#set ($job = $summary.split(" "))
summary: $summary
Job: $job[2]
Job2: $job.get(2)

This is the sample eventMessage-

AppDynamics has detected a problem with Node nodejs-api-services--9.
Memory utilization is too high started violating and is now critical.
All of the following conditions were found to be violating
For Node nodejs-api-services--9:
1) Hardware Resources|Memory|Used % Condition
Used %'s value 93.00 was greater than the threshold 90.00 for the last 30 minutes

where we have set condition name as "Hardware Resources|Memory|Used %"

Reply

Abhimanyu_Sharm
New Member
‎01-27-2020 03:00 AM

@Rugved.Sarode Unfortunately this is not working for me.

Sample summary message- AppDynamics has detected a problem with Node node1.
Memory utilization is too high started violating and is now warning.

After splitting the summary message I am getting "detected" with both $job.get(2) and $job[2].

I am not sure how you were able to get

Used %'s value 93.00 was greater than the threshold 90.00 for the last 30 minutes

from summary message you provided.

0 Karma
Reply
Register for .conf25!
Get Updates on the Splunk Community!

AppDynamics Summer Webinars

This summer, our mighty AppDynamics team is cooking up some delicious content on YouTube Live to satiate your ...

SOCin’ it to you at Splunk University

Splunk University is expanding its instructor-led learning portfolio with dedicated Security tracks at .conf25 ...

Credit Card Data Protection & PCI Compliance with Splunk Edge Processor

Organizations handling credit card transactions know that PCI DSS compliance is both critical and complex. The ...
Top