|
When setting up a scheduled search there is a field 'Description'. I use this field to note ticket numbers, wiki articles, etc. I'd like this field to be shown in the emailed results of my saved searches. Is there a way to do this? |
|
According to Splunk support there is no way to do this. A feature request was submitted. The email script could in principle be modified to take the saved search name and make a REST API call to get the description, but that part of the API isn't fully published and it seems like a lot of trouble right now.
(10 Feb '11, 21:28)
gkanapathy ♦
|
|
Can you provide the query you are running to generate the scheduled search? You may be able to to send everything to: Hmm, well it could be any query. For example, I could just setup an alert to notify me if "foo" was found in my apache logs. What I'm looking for is to include the description defined in the alert creation within the emailed alert.
(09 Feb '11, 21:17)
nocostk
Ahhhh. Looks like i totally missed the point of the question. sorry about that
(11 Feb '11, 18:41)
Brian Osburn
|
