Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Email from Splunk

viksvig
Loves-to-Learn Lots
‎11-24-2021 12:45 PM

I have splunk search - index=cloud EventName: "Error Occurred" XChangeToSalesForce | rename message as "Message" _time as Time | table Time,Message

When i search on splunk search, i get the below response

1637759064  Multiple Terms found for the same agency. Agency code: 

But when the email is sent, i get nothing on the message field

Time

Message

1637759064 

 

Labels (1)
Labels
Tags (1)
0 Karma
Reply

johnhuang
Motivator
‎11-24-2021 12:50 PM

How is the email formatted? Are you inserting the results as an inline table?

0 Karma
Reply

Siddharth
Path Finder
‎12-01-2021 01:49 PM

Try to add the results in some log or lookup and check the output 

In case if it is empty check the data and if not try to send the alert to your mail id using  this 

| makeresults | eval a = temp | table  a _time

and use inline table in your alert 

0 Karma
Reply

viksvig
Loves-to-Learn Lots
‎11-24-2021 01:39 PM

@johnhuang  it is formatted as inline table, i tried inline raw as well

0 Karma
Reply

viksvig
Loves-to-Learn Lots
‎11-29-2021 11:27 AM

@johnhuang  any idea why it is skipping the Messages

0 Karma
Reply

johnhuang
Motivator
‎12-01-2021 10:05 AM

Could you post a sample of the search result and also the email template config.

0 Karma
Reply

viksvig
Loves-to-Learn Lots
‎12-01-2021 10:56 AM

viksvig_0-1638384842160.png

This is the search and I am getting the desired result here. But when Email is sent the Message field blanks out

viksvig_1-1638384948005.png

 

0 Karma
Reply

viksvig
Loves-to-Learn Lots
‎12-01-2021 10:57 AM

viksvig_0-1638385016488.png

 

0 Karma
Reply

johnhuang
Motivator
‎12-01-2021 11:37 AM

That's strange and interesting. Lets rule out a few things.

1. Could you enable the options "Attach CSV" and "Attach PDF"? Run another test and see if the data is in the attachments.

2. Let's replace the data in Message with safe characters and see if that works.

| eval message="testing_"._time

 

 

 

0 Karma
Reply
Get Updates on the Splunk Community!

Observability Unlocked: Kubernetes Monitoring with Splunk Observability Cloud

  Ready to master Kubernetes and cloud monitoring like the pros?Join Splunk’s Growth Engineering team for an ...

Wrapping Up Cybersecurity Awareness Month

October might be wrapping up, but for Splunk Education, cybersecurity awareness never goes out of season. ...

🌟 From Audit Chaos to Clarity: Welcoming Audit Trail v2

🗣 You Spoke, We Listened  Audit Trail v2 wasn’t written in isolation—it was shaped by your voices.  In ...