Splunk 'mail merge', how could I substitute 'named text' in a field with values from other fields

splunked38
Hi,

In short, just wondering if anyone has used Splunk for 'mail merging'.

I have a dynamically generated field containing substitution text. For example:

Hello {user_name}, my name is {computer_name}
Hey {computer_name}, you have {seconds} seconds to comply

Each event contains the relevant substituted text, e.g.:

<time>, user_name=bob, computer_name=mary, message="Hello {user_name}, my name is {computer_name}"
<time>, computer_name=jack, seconds=10, message="Hey {computer_name}, you have {seconds} seconds to comply"

For completeness, this is what the output (messages) should look like:

Hello bob, my name is mary
Hey jack, you have 10 seconds to comply

Due to the number of permutations for messages, this is not really appropriate:
https://answers.splunk.com/answers/543951/replace-substitution-placeholders-in-a-field.html

Any suggestions?

Thanks

0 Karma
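
One way to do the substitution described in the question without listing every placeholder, as an added example that is not part of the original post: `foreach` visits each field on the event and swaps `{field_name}` in `message` for that field's value. The two events are constructed with `makeresults` from the samples in the post, and `sample_n` is a hypothetical helper field used only to build them.

```spl
| makeresults count=2
| streamstats count AS sample_n
| eval message=if(sample_n=1, "Hello {user_name}, my name is {computer_name}", "Hey {computer_name}, you have {seconds} seconds to comply")
| eval user_name=if(sample_n=1, "bob", null())
| eval computer_name=if(sample_n=1, "mary", "jack")
| eval seconds=if(sample_n=2, "10", null())
| fields - sample_n
| foreach * [ eval message=if(isnotnull('<<FIELD>>'), replace(message, "[{]<<FIELD>>[}]", tostring('<<FIELD>>')), message) ]
| table message
```

A placeholder whose field is missing on the event is left in the message unchanged, which makes incomplete events easy to spot. Because `replace()` reads a backslash followed by a digit in its third argument as a capture-group reference, field values that can contain backslashes should be escaped before they are merged.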