guilhemmarchand
commented
3 years ago Hi @kyle-hammerberg-emailage
I have read a bit more carefully your question, sorry I initially thought this was an enhancement request.
Here is how you can do it:
Which in the Webhook call gets translated to whatever is the description of the search:
I guess you tried to use it in the fields, as documented and explained in the alert action options, the fields are pure fields resulting from the search, so only fields in the data results that you would reach with $result.name_of_the_field$
Let me know if you have any further question.
Guilhem
Is it possible to send the Description field from the splunk alert through to the Teams notification? Similar to how you're currently passing the $name$ token.
I've tried adding 'description,$description$' to the Message Fields List without luck. Just fields from the search come through. Thanks! example splunk tokens: https://docs.splunk.com/Documentation/Splunk/8.1.2/Alert/EmailNotificationTokens