Hello Splunkers,
I am trying to set up the alerts to go to email and other integrations. When I use the inbuilt tokens like "$results.x$", it gives only the first result from the search. How should I access other fields from the search results?
My search is something like this: index=* "xxxxxx" |.....|stats count by domain, name, ip
This search usually gives 3-4 unique columns like this:

| Domain | Name | IP |
| --- | --- | --- |
| A | B | C |
| D | E | F |
| H | I | J |

The email alert should have all the results (columns) in it. Please help.
Thanks in advance.