How to send the matching value in the log file , i...

tusharsappal · ‎09-19-2013

I had a query in Mind till now I only know that Splunk only sends the count of the events happened during the time duration , is there any way we can send the actual matching content in the email whenever the alert is fired ,i.e can we make the reporting more intuitive and clear ,sending the actual matching text in the email body

Thanks in Advance
Tushar

richgalloway · ‎09-19-2013

In addition to lukejadamec's response, check your alert configuration. Tick the box labelled "Include results in email" and select if they should be included inline or as a CSV or PDF attachment.

---
If this reply helps you, Karma would be appreciated.

tusharsappal · ‎09-19-2013

Actually I ahve checked the include the results in email check box , I was just wondering to make the reporting more intuitive , that I got that Splunk reports what is the search results So I believe that I will be modifying my Search query

Regards
Tushar

lukejadamec · ‎09-19-2013

You can only include what is contained in the output of your search in the email.
You will need to change your search so it generates the output you're looking for.
If you need help with the search output you can post the search here, and tell us specifically what you want as output.

How to send the matching value in the log file , in the email that we send as a part of the alert

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!

Splunk Custom Visualizations App End of Life