Create an email alert
Server Setup

Create an alert

Resources
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0749544
Troubleshooting

How to set up email alert results
You can display basic values in the Subject or Body of the email.
Example:
$name$ // Gives you the name of the alert, ex. "Sign in out of US"
Custom values
The best way I found to make it work is to have the result query return a table. Splunk looks at the first entry to pull the values from (e.g., if you are returning multiple rows, it will only read the first row for values).
| table _time, "User", "Client IP", City, Country
In the email, you access the values with:
Email: $result.User$
IP: $result.Client IP$
City: $result.City$
Country: $result.Country$
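
The first-row behaviour described above can be previewed offline with a small model of the token substitution. This is an added example, not Splunk's code or part of the original page; the function name, the sample rows and the empty-text handling of missing fields are assumptions.

```python
import re

# Matches $name$ and $result.<field>$; field names may contain spaces.
TOKEN = re.compile(r"\$(name|result\.([^$]+))\$")

# Body template using the tokens shown on this page.
BODY = (
    "Email: $result.User$\n"
    "IP: $result.Client IP$\n"
    "City: $result.City$\n"
    "Country: $result.Country$\n"
)

# Constructed sample rows, shaped like the output of
# | table _time, "User", "Client IP", City, Country
ROWS = [
    {"_time": "2024-01-01T10:00:00", "User": "alice@example.com",
     "Client IP": "203.0.113.10", "City": "Paris", "Country": "France"},
    {"_time": "2024-01-01T10:05:00", "User": "bob@example.com",
     "Client IP": "198.51.100.7", "City": "Berlin", "Country": "Germany"},
]


def render_alert_email(template, alert_name, rows):
    """Model of the token behaviour described above (not Splunk's code).

    Returns (rendered_text, ignored_rows). Every $result.<field>$ token is
    filled from the FIRST result row only; the remaining rows never reach
    the subject or body.
    """
    first = rows[0] if rows else {}

    def fill(match):
        if match.group(1) == "name":
            return alert_name
        # Assumption: a field missing from the first row renders as empty text.
        return str(first.get(match.group(2), ""))

    return TOKEN.sub(fill, template), max(len(rows) - 1, 0)


if __name__ == "__main__":
    text, ignored = render_alert_email(BODY, "Sign in out of US", ROWS)
    print(text)
    print(f"{ignored} result row(s) are not represented in this email")
```

A non-zero ignored count means the email describes only one of several matching events, so the remaining rows have to be reviewed in the search results themselves.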