Alerting
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How can I have a lookup field in an email (alert)?

magilbert1
Explorer
‎04-12-2019 08:27 AM

Hi

I have a lookup file that map log sources with its application name. I want to have this application name in my e-mail alert.
I did it with host ( $result.host$) but it's didnt seems to work with the lookups field.

Maybe anyone has an idea on how I can process ?

Thanks

Tags (1)
0 Karma
Reply

Vijeta
Influencer
‎04-12-2019 09:06 AM

If you do table host at end of your search and then do $result.host$ in alert , does it work? Also what is your alert query.

Reply
Get Updates on the Splunk Community!

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer at Splunk .conf24 ...

We’re excited to announce a new Splunk certification exam being released at .conf24! If you’re headed to Vegas ...

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...

Splunk Lantern is Splunk’s customer success center that provides advice from Splunk experts on valuable data ...

Combine Multiline Logs into a Single Event with SOCK: a Step-by-Step Guide for ...

Combine multiline logs into a single event with SOCK - a step-by-step guide for newbies Olga Malita The ...