https://community.splunk.com/t5/Alerting/How-to-include-report-in-alert-search/m-p/627234#M14657 <P>Hi&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/247215">@cbiraris</a>&nbsp;,</P><P>You can just use&nbsp;</P><P>&nbsp;</P><LI-CODE lang="markup">index= abc sourcetype = ZXY "Error500" |table _time, _raw</LI-CODE><P>&nbsp;</P><P>in your alert query and set a trigger condition if the result count is greater than zero. If the query returns something you will get the results.</P> Mon, 16 Jan 2023 10:49:32 GMT scelikok 2023-01-16T10:49:32Z https://community.splunk.com/t5/Alerting/How-to-include-report-in-alert-search/m-p/627228#M14653 <P>Hi Team,<BR /><BR />I am looking for the help to send Report.&nbsp;<BR /><BR />I have a scheduled report which is running every hour.<BR /><BR />can you please advise with search query. if I create new alert and&nbsp; if alert trigger, scheduled report should be sent to recipients.<BR /><BR />I am aware about the CSV/ PDF attached. looking for something like to send scheduled report as result for notification if alert triggered .<BR /><BR /><BR /><BR /></P> Tue, 17 Jan 2023 19:28:38 GMT https://community.splunk.com/t5/Alerting/How-to-include-report-in-alert-search/m-p/627228#M14653 cbiraris 2023-01-17T19:28:38Z https://community.splunk.com/t5/Alerting/How-to-include-report-in-alert-search/m-p/627229#M14654 <P>Hi&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/247215">@cbiraris</a>,</P><P>sorry: what's the difference between attach pdf/csv file to an alert or schedule a report?</P><P>what's the additional feature that you see in scheduled report?</P><P>in both cases, if you have results, you send an email containing as attachement the report.</P><P>Ciao.</P><P>Giuseppe</P> Mon, 16 Jan 2023 10:32:18 GMT https://community.splunk.com/t5/Alerting/How-to-include-report-in-alert-search/m-p/627229#M14654 gcusello 2023-01-16T10:32:18Z https://community.splunk.com/t5/Alerting/How-to-include-report-in-alert-search/m-p/627230#M14655 <P>I am looking something like,<BR /><BR />If the alert trigger with query suppose-<BR /><BR /><STRONG>Index= abc sourcetype = ZXY "Error500" |stats count| where count &gt;0<BR /><BR /></STRONG>and suppose, I have a scheduled report name -- Error500 with below query<BR /><BR /><STRONG>Index= abc sourcetype = ZXY "Error500" |table _time, _raw</STRONG><BR /><BR />so, if the alert trigger, then it should&nbsp;send out the report called Error500 ? is it possible ?<STRONG><BR /><BR /></STRONG>any other solution please guide me.<BR />-----------------------------<BR /><BR />the issue I am facing is, if use stats count it sending count only and with table it sending events logs.<BR />and I want if it trigger it should send event log.<BR /><BR />Thank you.<BR /><BR /><BR /><BR /><BR /></P> Mon, 16 Jan 2023 10:41:34 GMT https://community.splunk.com/t5/Alerting/How-to-include-report-in-alert-search/m-p/627230#M14655 cbiraris 2023-01-16T10:41:34Z https://community.splunk.com/t5/Alerting/How-to-include-report-in-alert-search/m-p/627232#M14656 <P>Hi&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/247215">@cbiraris</a>,</P><P>if the report that you want to send is the same of the alert (as in your example) attaching pdf/csv file, when the alert is triggered, you send the report to the recipents.</P><P>Or do you want something different?</P><P>Ciao.</P><P>Giuseppe</P> Mon, 16 Jan 2023 10:47:40 GMT https://community.splunk.com/t5/Alerting/How-to-include-report-in-alert-search/m-p/627232#M14656 gcusello 2023-01-16T10:47:40Z https://community.splunk.com/t5/Alerting/How-to-include-report-in-alert-search/m-p/627234#M14657 <P>Hi&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/247215">@cbiraris</a>&nbsp;,</P><P>You can just use&nbsp;</P><P>&nbsp;</P><LI-CODE lang="markup">index= abc sourcetype = ZXY "Error500" |table _time, _raw</LI-CODE><P>&nbsp;</P><P>in your alert query and set a trigger condition if the result count is greater than zero. If the query returns something you will get the results.</P> Mon, 16 Jan 2023 10:49:32 GMT https://community.splunk.com/t5/Alerting/How-to-include-report-in-alert-search/m-p/627234#M14657 scelikok 2023-01-16T10:49:32Z https://community.splunk.com/t5/Alerting/How-to-include-report-in-alert-search/m-p/627235#M14658 <P>Yes, I want to send different report.</P> Mon, 16 Jan 2023 10:49:48 GMT https://community.splunk.com/t5/Alerting/How-to-include-report-in-alert-search/m-p/627235#M14658 cbiraris 2023-01-16T10:49:48Z https://community.splunk.com/t5/Alerting/How-to-include-report-in-alert-search/m-p/627242#M14659 <P>Hi&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/247215">@cbiraris</a>,</P><P>the solution is the one hinted by&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/206061">@scelikok</a>&nbsp;.</P><P>you use in the alert the search of the report and use as trigerr condition results&gt;0.</P><P>Ciao.</P><P>Giuseppe</P> Mon, 16 Jan 2023 11:59:18 GMT https://community.splunk.com/t5/Alerting/How-to-include-report-in-alert-search/m-p/627242#M14659 gcusello 2023-01-16T11:59:18Z