Re: Adding a string in title of e-mail

avneet26 · ‎08-24-2022

"user-info"
index=user_interface_type sourcetype=*
| table _time, host, port, _raw | sendemail to="abc@splunk.com" sendresults=true

I use above query to list out the details for the search "user-info"

I want to use this string "user-info" and pass it on in the title of the e-mail as : Notification received for user-info

How to do that ?

richgalloway · ‎08-24-2022

If user-info is a string literal then include it as the value of the subject argument to sendemail.

"user-info" index=user_interface_type sourcetype=* 
| table _time, host, port, _raw 
| sendemail to="abc@splunk.com" sendresults=true subject="user-info"

---
If this reply helps you, Karma would be appreciated.

avneet26 · ‎08-24-2022

But i Want to add the subject as "Notification received for <then the string that I searched in the query">

richgalloway · ‎08-25-2022

| sendemail to="abc@splunk.com" sendresults=true subject="Notification received for user-info"

There is no back-reference to string literals.

---
If this reply helps you, Karma would be appreciated.

How do I add a string in the title of a e-mail?

field extraction

Archived Metrics Now Available for APAC and EMEA realms

Detecting Remote Code Executions With the Splunk Threat Research Team

Enter the Dashboard Challenge and Watch the .conf24 Global Broadcast!