Splunk Enterprise Security

Splunk App for Enterprise Security: How to add the urgency of notable events in the email subject line?

ssuresh
Explorer

Dear All,

We have to include the urgency of the event in the Splunk App for Enterprise Security notable events. Could anybody help me out which variable I need to add in the subject line?

$alert.severity$ is taking the severity level. it's not idle variable we can use it.

Thanks,

Sunil

0 Karma

mparks11
Path Finder
$urgency$ 

This worked for me in the Title of the Notable Event (in the Correlation Search), and should work in the Email Subject as well, I'd tend to believe.

0 Karma
Get Updates on the Splunk Community!

Federated Search for Amazon S3 | Key Use Cases to Streamline Compliance Workflows

Modern business operations are supported by data compliance. As regulations evolve, organizations must ...

New Dates, New City: Save the Date for .conf25!

Wake up, babe! New .conf25 dates AND location just dropped!! That's right, this year, .conf25 is taking place ...

Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud

Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud  In today’s fast-paced digital ...