Hi Splunkers ,
Im trying to build a dashboard to capture all the triggered alerts with some custom actions to be applied for each alert
Im trying to make a table with Alert Name , Alert triggered Time and Alerts results URL(which we actually get in an email when we enable email notification)
I would like to know how to get url for each triggered alert results and pass that into a dashbaord....so that users can view that results by clicking that link and take actions based on that
Hi
you can try something like this.
index=_audit TERM(action=alert_fired)
| eval alert_url = "http://localhost:8000/en-GB/app/" . ss_app . "/%40go?sid=" . sid
| table _time alert_url ss_app ss_name alert_actions
Replace http://localhost:8000/en_GB/ with your SH proto + name + port + lang.
r. Ismo