Hi,
Is there a way for me to put the host and server name in the subject line of the alert email? Is it possible at all?
I have created an alert searching for the keyword "Fatal error". The logs are generated from several host machines from a few different servers. How do I track which host and/or server the "Fatal error" is from?
The log line looks like this:
2013-01-08 07:34:49,949 ERROR: Fatal error for something something something <(PID)> ServerName
Host is one of the extracted fields.
Thanks!
Looks like this can be done in version 6.1 and up by adding $result.host$ in the Subject field.
https://answers.splunk.com/answers/235240/include-hostname-in-alert-email-subject.html
Format your search results and add the required fields:
<mysearch> | table _time host source _raw
I see. Thanks for confirming. That's what I thought too.
I have read through that documentation already and it didn't look like those custom script parameters get me what I need ... unless there is one alert per host, which I am not going to do.
My bad, it will add the host in the attached results included in the email, not in the email subject.
As far as I know there is no option to make the subject dynamic (it's static or populated with the search name). The only way to go further is to use a custom alert script and manage the email creation yourself.
See http://docs.splunk.com/Documentation/Splunk/latest/Alert/Configuringscriptedalerts
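A sketch of the custom alert script route suggested above, as an added example that is not part of the original thread or Splunk's own code: it reads the results file, collects the hosts, and builds one email whose subject names them. It assumes the script is handed the path to the gzipped CSV results file as its eighth argument, as scripted alerts do; the function names, addresses and sample rows are constructed for illustration.

```python
import csv
import gzip
import re
from collections import Counter
from email.message import EmailMessage


def hosts_from_results(path):
    """Count result rows per host in a gzipped CSV results file."""
    with gzip.open(path, "rt", newline="") as fh:
        return Counter(row.get("host") or "unknown" for row in csv.DictReader(fh))


def safe_header(value, limit=64):
    # Field values come from log data: drop control characters (CR/LF
    # included) so a value cannot break out of the Subject header.
    return re.sub(r"[\x00-\x1f\x7f]", "", value)[:limit]


def build_alert(search_name, counts, sender, recipient):
    """Build one message whose subject lists every host in the results."""
    hosts = ", ".join(sorted(safe_header(h) for h in counts))
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = recipient
    msg["Subject"] = f"Splunk Alert: {safe_header(search_name)} on {hosts}"
    msg.set_content("\n".join(
        f"{safe_header(h)}: {n} event(s)" for h, n in sorted(counts.items())))
    return msg


def write_sample(path):
    """Write constructed sample results; one host value has a stray newline."""
    rows = [("web01", "Fatal error for job A"),
            ("web01", "Fatal error for job B"),
            ("db02\n", "Fatal error for job C")]
    with gzip.open(path, "wt", newline="") as fh:
        writer = csv.writer(fh)
        writer.writerow(["host", "_raw"])
        writer.writerows(rows)
    return path


if __name__ == "__main__":
    import os, sys, tempfile
    # Hypothetical wiring: argument 8 is the results file path.
    path = sys.argv[8] if len(sys.argv) > 8 else write_sample(
        os.path.join(tempfile.mkdtemp(), "results.csv.gz"))
    print(build_alert("Fatal error", hosts_from_results(path),
                      "splunk@example.com", "ops@example.com"))
```

The resulting message can be handed to `smtplib.SMTP.send_message` for delivery.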
Thank you for the response. I do not understand how that will add the host name in the subject line of an alert email.
Anyone ? ? ?