Splunk Enterprise Security

Correlation search: email notification subject line

New Member

Dear Helpful bloggers, morning

I have a question on rule action:
While setting Adaptive Response Actions for a Correlation Search for Send Email, can we choose other useful variables along with $name$? It is confusing when the email triggers with simply the correlation search name, without src ip, host or something for distinctive identification.

Thanks in advance

0 Karma

Re: Correlation search: email notification subject line

SplunkTrust

Hi,

Have you tried tokens in the email subject line? Ref. doc: https://docs.splunk.com/Documentation/Splunk/7.3.1/Alert/EmailNotificationTokens#Result_tokens

For example : Splunk Alert: Correlation Name Source - $result.src$ Dest - $result.dest$

0 Karma

Re: Correlation search: email notification subject line

New Member

Yes, I have gone through the link, but it seems like it has limited tokens and not the one I am looking for here. Is there any way around this in a future enhancement?

0 Karma