Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Splunk Alert to Incident add-on multiple results

Vasilii_V
Observer
‎01-27-2022 07:20 AM

Hello All,

I have a simple search for the alert:

Index="vpn" message="recently failed"
|table _time, host,message

Alert triggers when results are >2

I need to put all events field's results in the ServiceNow ticket description.
Unfortunately, $results.fieldname$ take results of the first event.
But this alert requires to have >2 events.

Are there any options to manage it with multiple events?

Thank you in advance!

Labels (1)
Labels
0 Karma
Reply
*NEW* Splunk Love Promo!
Snag a $25 Visa Gift Card for Giving Your Review!

It's another Splunk Love Special! For a limited time, you can review one of our select Splunk products through Gartner Peer Insights and receive a $25 Visa gift card!

Review:





Or Learn More in Our Blog >>

Get Updates on the Splunk Community!