SplunkEmailParser
This Script is part of the Deprecated Content (Deprecated) Pack.#
Deprecated
Classifies an incident created from an email originating from Splunk. The mail type should be in plain text, and inline. The table should be selected. Parsing should be done in the following manner. The "type" is the header sourcetype, the "severity" is the mail importance level, the "incident name" is the mail subject and the systems are taken from the host.
Script Data#
| Name | Description |
|---|---|
| Script Type | javascript |
| Tags | splunk, ingestion |
Dependencies#
This script uses the following commands and scripts.
- search
Inputs#
| Argument Name | Description |
|---|---|
| body | The content's (body) of the email. |
| subject | The subject of the email. |
Outputs#
There are no outputs for this script.