Splunk ITSI
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Action Rule for an email notification in Notable_Event_Aggregation_Policy is not working

tangtangtang12
New Member
‎10-17-2024 09:28 AM

ITSI for Alert $result.service_name$ on host $result.src$ $result.description$

An event has been detected:
Host: $result.host$
Source: $result.source$
Error Code: $result.error_code$
Description: $result.description$

I'm fairly new to ITSI and Splunk in general and I couldn't find out any information on tokens that clearly. The only token that is working right now is $result.description$,. Any assistance will be much appreciated. 

 

Thank you

 

Labels (3)
0 Karma
Reply

skramp
SplunkTrust
SplunkTrust
‎10-25-2024 12:17 AM

Hi,

 

maybe you are searching for this: https://docs.splunk.com/Documentation/Splunk/9.3.1/Alert/EmailNotificationTokens

 

please take also a look into index=_internal if there is a hint why your emails aren’t send. Have you tried if a normal spl query with the command „sendemail“ works? Email server settings are correct? 

0 Karma
Reply
Get Updates on the Splunk Community!

Video | Welcome Back to Smartness, Pedro

Remember Splunk Community member, Pedro Borges? If you tuned into Episode 2 of our Smartness interview series, ...

Detector Best Practices: Static Thresholds

Introduction In observability monitoring, static thresholds are used to monitor fixed, known values within ...

Expert Tips from Splunk Education, Observability in Action, Plus More New Articles on ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...