alertmanager / alert_manager

Splunk Alert Manager with advanced reporting on alerts, workflows (modify assignee, status, severity) and auto-resolve features

Enhancement Request: Use $result$ tokens in alert definition and ignore _fields in results #263

Open afxmac opened 4 years ago

afxmac commented 4 years ago

If a field starts with "_", this is not transported into the e-mail alert; with alert-manager I still see the fields. What I typically use in email alerts is something like $result._field$ for the title, and the field is not shown in the alert result; it has been constructed especially for the title and is then ignored in the tables in a Splunk email alert thanks to the "_" at the beginning of the name.

EDIT: Just realized that this already works: When defining email alerts in Splunk, one can use $result.fieldname$ for alert titles, that would be nice in alert manager too.

thx afx

my2ndhead commented 4 years ago

Can you please clarify? You can set the e-mail subject dynamically in Alert Manager.

afxmac commented 4 years ago

Yes, the e-mail subject works fine, as I clarified above in the edit. But, the trick to hide the fields used for the subject from the alert by prefixing fields with "_" does not work. Sorry for wording this in a misleading form.

my2ndhead commented 4 years ago

Which fields are in the body is done using templates.

https://github.com/alertmanager/alert_manager/blob/0d72758c9bd2033297c66eb2aac776058b5471e9/src/default/templates/default.html#L57

Does creating your own templates solve the problem?

afxmac commented 4 years ago

Hmm, my JavaScript skills are rather minimal... How would I exclude fields that have a "_" at the start?

my2ndhead commented 4 years ago

It's a Python Django Template :-)

You will need to add a condition to not render a column when the field starts with an underscore.

https://docs.djangoproject.com/en/3.1/ref/templates/builtins/

afxmac commented 4 years ago

Here goes my weekend... thx afx