All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Getting custom fields to appear in OpsGenie alerts

Robbie1194
Communicator
‎06-13-2018 07:28 AM

Hi guys,

I am using the Splunk app for OpsGenie to allow me to send alerts directly to OpsGenie, however, I can't seem to get any custom fields to show in my alerts?

I've looked at: https://docs.opsgenie.com/docs/splunk-integration

I've tried adding:

Whatever:{{result.customfield}} into the description field in OpsGenie but still no luck.

Has anyone done this before that can advise me on the syntax I'm using? The custom field I'm trying to show is not an indexed field but a field generated from an eval statement in the alerting search, if that makes any difference.

Cheers,
Robbie

Reply

klandt1
New Member
‎06-21-2018 07:25 AM

Please hop over to www.opsgenie.com and use the blue chat bubble in the bottom right hand corner to engage with the Support team. They can have a look at the data being sent to OpsGenie and verify that the fields you are looking for are coming through. Then they can work with you on what the syntax should be for accessing the variable(s).

0 Karma
Reply

lcintron
Engager
‎06-21-2018 06:25 AM

Hey Robbie, I would recommend reaching to OpsGenie Customer Success as they may be able to lend a hand and point you in the right direction. Thanks, Robbie, hope this helps.

0 Karma
Reply
Get Updates on the Splunk Community!

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

Take a look below to explore our upcoming Community Office Hours, Tech Talks, and Webinars this month. This ...

They're back! Join the SplunkTrust and MVP at .conf24

With our highly anticipated annual conference, .conf, comes the fez-wearers you can trust! The SplunkTrust, as ...

Enterprise Security Content Update (ESCU) | New Releases

Last month, the Splunk Threat Research Team had two releases of new security content via the Enterprise ...