Add hostname to email subject line of splunk alert

searching · ‎10-05-2023

Trying to edit the email subject line of alerts I am receiving.

I have tried adding host=$host$ to the base search and in the subject line and was unsuccessful.

I have tried using the $result. host$ macro and was unsuccessful as well.

search looks like :

| stats latest(cpu_load_percent) AS "CPU Utilization" by host _time

| where 'CPU Utilization' >= 95

|dedup host

_JP · ‎10-05-2023

This post covers this topic:

Solved: How to implement tokens in Email alert? - Splunk Community

searching · ‎10-27-2023

Still a little confused. I have tried both the $host and $name token and neither work. My search sends an alert when any host reach a certain level of CPU utilization. At times there are multiple host that show in the search. when adding the token in the subject line it appears in the email sent as $host or $name. An email is triggered for each host but the goal is to have the host name and value in the subject line.

Add hostname to email subject line of splunk alert

email

Tech Talk Recap | Mastering Threat Hunting

Observability for AI Applications: Troubleshooting Latency

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

Are you a member of the Splunk Community?

Add hostname to email subject line of splunk alert

email

Tech Talk Recap | Mastering Threat Hunting

Observability for AI Applications: Troubleshooting Latency

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?