Need to send mail with multiples information

CesarCrt · ‎01-20-2021

Hello everyone,

There is my search :

my_severity=error my_app="name" earliest=-48h latest=-24h
| stats count as nb_yesterday by my_method limit=0
| appendcols[search my_severity=error my_app="name" earliest=-24h latest=now | stats count as nb_today by my_method]
| eval increase=round(nb_today*100/nb_yesterday)
| eval status=if(increase>100 OR nb_today>10, "CRITICAL", "GOOD")
| table my_method, nb_yesterday, increase, status, nb_today
| sort nb_today desc

my_severity, my_app and my_method are fields that i created myself

with my search, i get multiple results (and multiple lines) and i want to send one mail with the list of CRITICAL status like :

"Hello, we notice some errors :

[name of the method(1)] [status] [increase] [nb_today]

[name of the method(2)] [status] [increase] [nb_today]

[name of the method(3)] [status] [increase] [nb_today]

... "

Thanks.

CesarCrt · ‎01-22-2021

Anyone ???

Maybe i write this topic in the wrong channel.

Need to send mail with multiples information

fields

Community Content Calendar, November Edition

October Community Champions: A Shoutout to Our Contributors!

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

Are you a member of the Splunk Community?

Need to send mail with multiples information

fields

Community Content Calendar, November Edition

October Community Champions: A Shoutout to Our Contributors!

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!