Hi All, I'm trying to set up an email alert notification using Splunk. In the alert Description, I want to mention only particular field values that the search returns. I thought of using $result.fieldname$ but, as Splunk says, it only returns the field's first row value in the description. For example:
Field name: values
search: index=""|table numbers
alert Description: The number values are: $result.numbers$
The number values are: 1
The number values are:
Hi @Kk !
Untested theory, but you could try to make a hidden field like this and reference it with a result token.
|eventstats values(values) as _values
then reference it in the Mail Description like this:
You could also compromise and make it a visible field (eventstats values(fieldname) as new_fieldname), but then it's included in your Splunk table. But then it should definitely work.