Splunk Enterprise

How to set an email alert in Splunk?

Kk
Path Finder

Hi All, I'm to trying to set an email alert notification by using splunk. In the alert Description, I just want to mention only particular field values that search returns. I thought of using $result.fieldname$ but, As splunk says it only returns field first row value in the description. For Example:

Field name:    values

numbers        1,2,3,4,5

search: index=""|table numbers

alert Description: The number values are: $result.numbers$

O/P:

The number values are: 1

O/p Expected:

The number values are:

1,2,3,4,5

Labels (3)
0 Karma
1 Solution

FelixLeh
Contributor

True. Since he wrote "Field name:    values" in the first line I thought "values" is the field name @Kk uses but the table command should've made it obvious to me

View solution in original post

0 Karma

FelixLeh
Contributor

Hi @Kk !
Untested Theory but you could try to make a hidden field like this and reference it with a result token.

 

|eventstats values(values) as _values

 

then reference it in the Mail Description like this:
$result._values$ 

VatsalJagani
SplunkTrust
SplunkTrust

Yes in your @Kk case, it would be 

|eventstats values(numbers) as _numbers

and then you can reference in your description:

$result._numbers$

 

Did you try something like this?

FelixLeh
Contributor

True. Since he wrote "Field name:    values" in the first line I thought "values" is the field name @Kk uses but the table command should've made it obvious to me

0 Karma

Kk
Path Finder

This doesn't work @FelixLeh 

0 Karma

FelixLeh
Contributor

You could also compromise to make it a visible field (eventstats values(fieldename) as new_fieldname) but then its included in your Splunk table. But then it should definitely work.

0 Karma

Kk
Path Finder

Sry, my bad. It is working now..

0 Karma
Get Updates on the Splunk Community!

Splunk Observability Cloud | Unified Identity - Now Available for Existing Splunk ...

Raise your hand if you’ve already forgotten your username or password when logging into an account. (We can’t ...

Index This | How many sides does a circle have?

February 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

Registration for Splunk University is Now Open!

Are you ready for an adventure in learning?   Brace yourselves because Splunk University is back, and it's ...