Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Splunk 'mail merge', how could I substitute 'named text' in a field with values from other fields

splunked38
Communicator
‎07-10-2019 08:36 AM

Hi,

In short, just wondering if anyone has used Splunk for 'mail merging'

I have a dynamically generated field containing substitution text. For example:

Hello {user_name}, my name is {computer_name}
Hey {computer_name}, you have {seconds} seconds to comply

Each event contains the relevant substituted text eg:

<time>, user_name=bob, computer_name=mary, message="Hello {user_name}, my name is {computer_name}"
<time>, computer_name=jack, seconds=10, message="Hey {computer_name}, you have {seconds} seconds to comply"

For completeness, this is what the output (messages) should look like:

Hello bob, my name is mary
Hey jack, you have 10 seconds to comply

Due to the number of permutations for messages, this is not really appropriate:
https://answers.splunk.com/answers/543951/replace-substitution-placeholders-in-a-field.html

Any suggestions?

Thanks

0 Karma
Reply
Get Updates on the Splunk Community!

What's New in Splunk Cloud Platform 9.3.2411?

Hey Splunky People! We are excited to share the latest updates in Splunk Cloud Platform 9.3.2411. This release ...

Buttercup Games: Further Dashboarding Techniques (Part 6)

This series of blogs assumes you have already completed the Splunk Enterprise Search Tutorial as it uses the ...

Technical Workshop Series: Splunk Data Management and SPL2 | Register here!

Hey, Splunk Community! Ready to take your data management skills to the next level? Join us for a 3-part ...