Mandatory settings

In the mandatory settings section, you can define which field from the search results contains the severity and which field from the search results contains the alert message. Aside from specifying the field that contains the message, it is also possible to create the message itself. Here you can use the standard Splunk tokens (like $result.fieldname$ or $name$) but you can also use the macro system that is incorporated in the slackalert script.