Solved: Configure alert to send email to a certain field v...

evallja · ‎01-10-2023

Hello everyone,

I have the following results when running my search:

_time user connection
1 2023-01-09 20:36:04 john Transport closing
2 2023-01-09 20:32:45 brian DPD failure
3 2023-01-09 19:44:26 tom assigned to session

Please, I want to configure an alert to send the _raw field by email to the specific user (by adding @gmail.com), every time it returns results from that user, (ex. john@gmail.com, brian@gmail.com, tom@gmail.com)

Thank you in advance.

PaulPanther · ‎01-10-2023

Just use eval to set up a new internal field

| eval _mail_address=user + "@gmail.com,"

and then use this field in your alert as recipient $result._mail_address$. Finally set the trigger to "For each result" to send each line to the specific mail_address.

View solution in original post

PaulPanther · ‎01-10-2023

Just use eval to set up a new internal field

| eval _mail_address=user + "@gmail.com,"

and then use this field in your alert as recipient $result._mail_address$. Finally set the trigger to "For each result" to send each line to the specific mail_address.

Configure alert to send email to a certain field value?

other

Detecting Remote Code Executions With the Splunk Threat Research Team

Observability | Use Synthetic Monitoring for Website Metadata Verification

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk