Splunk Search

Can I get the raw events (Results of the search) in an Alert Email?

vinodmadaan
Path Finder

Hi,

I am looking for a way to get the events in the alert email rather than the statistics, i.e. I want to see what the "view result" link shows on click on the Splunk page, directly in the email.

Is this even possible?

Thanks in advance.
Vinod.

0 Karma
1 Solution

stephanefotso
Motivator

Yes: You can include an inline listing of results, as a table, raw events, or CSV file, when configuring your email actions.
For more information, take a look here: http://docs.splunk.com/Documentation/Splunk/latest/Alert/Setupalertactions

0 Karma

vinodmadaan
Path Finder

Hi Stephanefotso,

Thanks for the reply, but this is not what I am asking for, sorry. I know we can include all this, but what I want is to get the events like they come up when we do a search by typing the query (I hope what I am asking makes sense), with all the stuff like source type, host, etc.

0 Karma

stephanefotso
Motivator

You can get raw events. Let's suppose you create an alert that sends an email when the word error is found in the last 1 hour, and it would send an email when found.
Here is the query with the _internal index: index=_internal "error". A search like this will provide events, which you can decide to get in your mail the same way you get them in Splunk Web when you simply type the query, by simply including raw events when configuring your email action.

vinodmadaan
Path Finder

Gotcha! Sorry I got confused.
Thank you so much for your answer 🙂

0 Karma
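
The alert described in the accepted answer, written as a savedsearches.conf stanza. This is an added example, not something posted in the thread; the stanza name, schedule, subject and recipient address are constructed placeholders.

```ini
# savedsearches.conf (added example; stanza name and recipient are placeholders)
[Errors in _internal - last hour]
# The search from the answer: events containing "error" in the _internal index
search = index=_internal "error"

# Run hourly over the previous hour
enableSched = 1
cron_schedule = 0 * * * *
dispatch.earliest_time = -1h
dispatch.latest_time = now

# Trigger when at least one event is returned
counttype = number of events
relation = greater than
quantity = 0

# Email action: send the results, in the message body, as raw events
action.email = 1
action.email.to = soc@example.com
action.email.subject = Splunk Alert: errors in _internal
action.email.sendresults = 1
action.email.inline = 1
# "raw" is the setting that gives event text instead of a table or CSV
action.email.format = raw
```

Raw events sent this way carry whatever the logs contain into mailboxes that sit outside Splunk's role-based access controls, so keep the recipient list as narrow as the index permissions would be.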