Alerting
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

What is the complete list of tokens available for the message in the new 6.1 alerts?

raoul
Path Finder
‎05-12-2014 01:21 AM

I cannot find a complete list of the tokens that are available for the message text in the new Splunk v6.1 alert system.

The online help has some examples like $job.resultCount$ but I cannot find a complete list.

Labels (1)
Labels
Tags (2)
Reply
1 Solution
Solved! Jump to solution

matthewhaswell
Path Finder
‎08-10-2017 04:32 AM

In case anyone else's search brings them here first - the new token documentation is here: http://docs.splunk.com/Documentation/Splunk/6.6.2/Alert/EmailNotificationTokens

Reply
Solved! Jump to solution

rivium_ro_mc
Explorer
‎03-31-2022 09:57 PM

Slight update to this link to reflect a more recent version of Splunk: https://docs.splunk.com/Documentation/Splunk/8.2.5/Alert/EmailNotificationTokens

Quick Reference:

Search Name: $name$
Search Description: $description$
Results Link (reports & alerts): $results_link$
Search String: $search$
Link to saved search: $view_link$

Fields: $result.fieldname$

Job Details

$job.earliestTime$Initial job start time
$job.eventSearch$Subset of the search that appears before any transforming commands
$job.latestTime$Latest time recorded for the search job
$job.messages$List of error and debug messages generated by the search job
$job.resultCount$Search job result count
$job.runDuration$Time, in seconds, for search job completion
$job.sid$Search ID
$job.label$Search job name


Dashboard Label$dashboard.label$
Dashboard Description: $dashboard.description$

 

 

Reply
Solved! Jump to solution

SteveIves1
Engager
‎05-23-2023 02:06 AM

The documentation about the use of tokens talks about using them in emails. Can they be used in other alert integrations such as Moogsoft?

0 Karma
Reply
Solved! Jump to solution

matthewhaswell
Path Finder
‎08-10-2017 04:33 AM

This link now redirects to the main splunk doc page.

0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...