created a workflow to find an error in the system log using a custom filter: eventType eq "application.provision.user.sync" and displayMessage eq "Sync user in external application" and outcome.result eq "FAILURE" and target.displayName eq "Active Directory"
trying to figure out how to use that to send a slack/email message with just the username/displayname
Do you have any screenshots of where you’re at so far?
Depending on how you have things setup, you might see multiple SysLog events in your search.
In that case, you could look at using a “List - Pluck” and potentially a “List to Text” to grab the display names in a way that you can use to send in a message.
Alternatively, you might just be able to grab the information you need from the Search System Logs card, either directly in the output, or using an “Object - Get” card.
Hi Sam,
I’d check out these videos by @maxkatz: