Solved: Re: Need a custom variable for split the variable ...

Ashish_Saxena3 · ‎02-01-2023

Hello,

Please help if some has done this before,

I need custom variable to split the variable output for my applications (xyzabc.com [P], abcxyz.com [G] & xyz123.com [S])

Output should be:
Application=[P]
Application=[S]
Application=[G]
_______

Please refer the below payload which I am using :

[
{
"labels": {
"Message": "A health rule violation occurred for the application ${latestEvent.application.name}",
"Time_of_Occurrence": "${action.triggerTime}",
"source": "AppD",
"Application_Name": "${latestEvent.application.name}",
"Event_Name": "${latestEvent.displayName}",
"Event_Message" : "${latestEvent.eventMessage}",
},
"annotations":
{
"type": "image",
"src": "${latestEvent.severityImage.deepLink}",
"alt": "${latestEvent.severity}",
"type_link": "link",
"href": "${latestEvent.deepLink}",
"text": "View this transaction in AppDynamics",
"Event_Message" : "${latestEvent.eventMessage}"
}

}
]

Morelz · ‎02-02-2023

Hi Ashish

It uses Apache Velocity as an intermediary translator through which variables get resolved. Anything that is supported in https://velocity.apache.org/

Examples below, you can use an if statement for what you require

Ciao

View solution in original post

Morelz · ‎02-02-2023

Hi Ashish

It uses Apache Velocity as an intermediary translator through which variables get resolved. Anything that is supported in https://velocity.apache.org/

Examples below, you can use an if statement for what you require

Ciao

Need a custom variable for split the variable output

Controller

Licensing

User Management

Developer Spotlight with Brett Adams

Index This | What can you do to make 55,555 equal 500?

Say goodbye to manually analyzing phishing and malware threats with Splunk Attack ...