Hi at all,
I showed the triggered alerts on a dashboard using a search on the `_internal` index and `source="/opt/splunk/var/log/splunk/scheduler.log"`, after I connected results to a REST extraction to enrich information from savedsearch.
My problem is to have the information about the host triggered by alert, because in my search, the only host is the Search Head, but I need the hostname of the alerted host.
Can I have it?
Thank you in advance.
Bye.
Giuseppe
↧