Splunk IT Service Intelligence

Spunk IT Service Intelligence : How can I pass the field value to comments (in Action rules) for Notable Event Grouping

harshal_chakran
Builder

Hi,
I am grouping the Notable events on certain conditions and set the action rules for them.
In Alert Actions, we have a section "add a comment". I want this comment to be dynamic based on field value passed.
Currently the static one works like : ISSUE from SERVER got RESOLVED

I want this ISSUE field to take dynamic values. I have tried %ISSUE% , $result.ISSUE$ and $ISSUE$, but no luck.

0 Karma
1 Solution

skadadi_splunk
Splunk Employee
Splunk Employee

Hi Harshal,
We dont have that capability yet in ITSI. It sounds like a very valid use case and I can follow up with the Product Owners to see when we could get this feature.

View solution in original post

0 Karma

skadadi_splunk
Splunk Employee
Splunk Employee

Hi Harshal,
We dont have that capability yet in ITSI. It sounds like a very valid use case and I can follow up with the Product Owners to see when we could get this feature.

0 Karma

harshal_chakran
Builder

Thanks skadadi,
Eagerly waiting for this feature.

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...