Solved: Spunk IT Service Intelligence : How can I pass the...

harshal_chakran · ‎02-01-2017

Hi,
I am grouping the Notable events on certain conditions and set the action rules for them.
In Alert Actions, we have a section "add a comment". I want this comment to be dynamic based on field value passed.
Currently the static one works like : ISSUE from SERVER got RESOLVED

I want this ISSUE field to take dynamic values. I have tried %ISSUE% , $result.ISSUE$ and $ISSUE$, but no luck.

skadadi_splunk · ‎02-02-2017

Hi Harshal,
We dont have that capability yet in ITSI. It sounds like a very valid use case and I can follow up with the Product Owners to see when we could get this feature.

View solution in original post

skadadi_splunk · ‎02-02-2017

Hi Harshal,
We dont have that capability yet in ITSI. It sounds like a very valid use case and I can follow up with the Product Owners to see when we could get this feature.

harshal_chakran · ‎02-02-2017

Thanks skadadi,
Eagerly waiting for this feature.

Spunk IT Service Intelligence : How can I pass the field value to comments (in Action rules) for Notable Event Grouping

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!