Add hostname to email subject line of splunk alert

searching · ‎10-05-2023

Trying to edit the email subject line of alerts I am receiving.

I have tried adding host=$host$ to the base search and in the subject line and was unsuccessful.

I have tried using the $result. host$ macro and was unsuccessful as well.

search looks like :

| stats latest(cpu_load_percent) AS "CPU Utilization" by host _time

| where 'CPU Utilization' >= 95

|dedup host

_JP · ‎10-05-2023

This post covers this topic:

Solved: How to implement tokens in Email alert? - Splunk Community

searching · ‎10-27-2023

Still a little confused. I have tried both the $host and $name token and neither work. My search sends an alert when any host reach a certain level of CPU utilization. At times there are multiple host that show in the search. when adding the token in the subject line it appears in the email sent as $host or $name. An email is triggered for each host but the goal is to have the host name and value in the subject line.

Add hostname to email subject line of splunk alert

email

🌟 From Audit Chaos to Clarity: Welcoming Audit Trail v2

What's New in Splunk Observability - October 2025

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

Are you a member of the Splunk Community?

Add hostname to email subject line of splunk alert

email

🌟 From Audit Chaos to Clarity: Welcoming Audit Trail v2

What's New in Splunk Observability - October 2025

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...