Hi Pablo,
well, it kind of related, but i'm not sure if it's 100% my case.
What i have as the alert's source is a simple search without any "transforming commands". So, it looks pretty strange that some fields are absent from that. I might be wrong here, but it looks like a bug in Splunk to me. What do you think? Should we report a bug?
I managed to make fields available by piping the search results into the "fields" command listing all the fields i need. It's a bit clumsy work-around, but it does the trick.
Best regards,
Dmytro.
... View more