Hello, In my search query I've defined the 3 email_subjects and 3 email_addresses with eval to which I want to send an alert based on threshold defined. e.g if threshold value is =1 then email_subject1 and email_address1 etc. My output being in table format because of which for availing $result.feildname$ values,  I'll have to add email_subject and  email_address fields in search result table (definitely not desired) - that being the issue I'm stuck at, same issue I faced with "sendemail" as well. Is there an alternate way to send email alert via splunk itself (no script)? @fk319 @woodcock @MuS @bmunson_splunk  ... View more