Send Separate Alert Email notification based on em...

Poojitha

Hi All,

I have a lookup that contains set of email ids and associated accounts.

Example :

Account ID	OWNER_EMAIL
34234234	test1@gmail.com; test2@gmail.com
123234234	test3@gmail.com;test4@gmail.com

<logic>
| eval email_list = split(OWNER_EMAIL, ";")
| stats values(email_list) as email_list values(ENVIRONMENT) as ENVIRONMENT values(category) as EVENT_CATEGORY values(EVENT_TYPE) as EVENT_TYPE values(REGION) as Region values(AFFECTED_RESOURCE_ARNS) as AFFECTED_RESOURCE_ARNS.

I have configured $result.email_list$ in alert action - email.to setting. Email is getting sent successfully but all of the result together is sent to email recepient.

Result :

Account ID	Email_list	Environment	Category	Type	Region	Arns	Description
34234234	test1@gmail.com; test2@gmail.com	Development	test_cat1	Event1	global	testarn1	testdescr1
123234234	test3@gmail.com;test4@gmail.com	Production	test_cat2	Event2	global	testarn2	testdescr2

When alert is triggered, separate email should go to test1@gmail.com; test2@gmail.com with both of them in to field with email body containing only first row and another email should go to test3@gmail.com;test4@gmail.com with both of them in to field with email body containing only second row. Please help how to achieve this.

Regards,
PNV

gcusello

Hi @Poojitha ,

when you create the alert, use the $row.OWNER_EMAIL$ token in the "Send to" field,

remembering to separate alerts results (one alert for each results) in the alert options.

Ciao.

Giuseppe

Send Separate Alert Email notification based on email column and result returned

other

Index This | How many sides does a circle have?

New This Month - Splunk Observability updates and improvements for faster ...

What's New in Splunk Cloud Platform 9.3.2411?