Alerting

How to configure alert to send only one email containing all field values rather than an email per field value?

packet_hunter
Contributor

So I have an alert that fires 5 emails, one email per value.

For example, I have an alert based on a report that provides 5 field values. Currently I receive 5 emails, one for each field. I would like just one email containing all the fields and values. The following are the fields.

Alert Occurred
Alert name
Appliance
MD5
Attachment

I have selected (in the alert):
Number of Results is greater than 0
Trigger for each result (I think this is the problem)
Send email
include Inline Table, attach PDF

The PDF contains all the fields/values I would like.

Does anyone know how to reconfigure my alert to just one email?

Thank you

0 Karma
1 Solution

somesoni2
SplunkTrust

Did you select "Once" or "For each result" under the "Alert options" section (in the UI, below the Enable Actions section)? You should be selecting "Once" for a single email per alert execution.

packet_hunter
Contributor

that works!!! Thank you - please convert to an answer.

0 Karma

somesoni2
SplunkTrust

here you go.

0 Karma
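
The same choice as it appears in `savedsearches.conf`, as an added example that is not part of the original thread: the UI's "Once" / "For each result" option corresponds to the `alert.digest_mode` setting. The stanza name, search, schedule and recipient below are constructed placeholders.

```ini
# savedsearches.conf -- constructed example; the stanza name, search,
# schedule and recipient are placeholders, not values from the thread.
[Malware Attachment Alert]
search = index=<your_index> sourcetype=<your_sourcetype> | table "Alert Occurred" "Alert name" Appliance MD5 Attachment
enableSched = 1
cron_schedule = */15 * * * *
dispatch.earliest_time = -15m
dispatch.latest_time = now

# Trigger condition: "Number of Results is greater than 0"
counttype = number of events
relation = greater than
quantity = 0

# "For each result" runs the alert actions once per result row,
# which is what produces one email per row:
#   alert.digest_mode = 0
# "Once" runs the alert actions a single time over the whole result set,
# so one email carries every row and field:
alert.digest_mode = 1

# "Send email", "include Inline Table", "attach PDF"
action.email = 1
action.email.to = soc@example.com
action.email.sendresults = 1
action.email.inline = 1
action.email.format = table
action.email.sendpdf = 1
```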