https://community.splunk.com/t5/Splunk-Search/Can-I-get-the-raw-events-Results-of-the-search-in-an-Alert-Email/m-p/134482#M36755 <P>Yes : You can include Inline listing of results, as <STRONG>a table, raw events, or CSV file</STRONG> whent configuring your email actions.<BR /> For more informations, take a look here: <A href="http://docs.splunk.com/Documentation/Splunk/latest/Alert/Setupalertactions">http://docs.splunk.com/Documentation/Splunk/latest/Alert/Setupalertactions</A></P> Tue, 14 Apr 2015 11:55:04 GMT stephanefotso 2015-04-14T11:55:04Z https://community.splunk.com/t5/Splunk-Search/Can-I-get-the-raw-events-Results-of-the-search-in-an-Alert-Email/m-p/134481#M36754 <P>Hi,</P> <P>I am looking for a way to get the events in the alert email rather than the statistics i.e. I want to see what "view result" link shows on click on splunk page directly into the email.</P> <P>Is this even possible?</P> <P>Thanks in advance.<BR /> Vinod.</P> Tue, 14 Apr 2015 09:00:24 GMT https://community.splunk.com/t5/Splunk-Search/Can-I-get-the-raw-events-Results-of-the-search-in-an-Alert-Email/m-p/134481#M36754 vinodmadaan 2015-04-14T09:00:24Z https://community.splunk.com/t5/Splunk-Search/Can-I-get-the-raw-events-Results-of-the-search-in-an-Alert-Email/m-p/134482#M36755 <P>Yes : You can include Inline listing of results, as <STRONG>a table, raw events, or CSV file</STRONG> whent configuring your email actions.<BR /> For more informations, take a look here: <A href="http://docs.splunk.com/Documentation/Splunk/latest/Alert/Setupalertactions">http://docs.splunk.com/Documentation/Splunk/latest/Alert/Setupalertactions</A></P> Tue, 14 Apr 2015 11:55:04 GMT https://community.splunk.com/t5/Splunk-Search/Can-I-get-the-raw-events-Results-of-the-search-in-an-Alert-Email/m-p/134482#M36755 stephanefotso 2015-04-14T11:55:04Z https://community.splunk.com/t5/Splunk-Search/Can-I-get-the-raw-events-Results-of-the-search-in-an-Alert-Email/m-p/134483#M36756 <P>Hi Stephanefotso,</P> <P>Thanks for the reply, But this not what I am asking for sorry. I know we can include all this, but what I want it to get the events like they come up when we do a search by typing the query (I hope it is making sense what I am asking) with all the stuff like source type host etc etc.</P> Tue, 14 Apr 2015 11:59:40 GMT https://community.splunk.com/t5/Splunk-Search/Can-I-get-the-raw-events-Results-of-the-search-in-an-Alert-Email/m-p/134483#M36756 vinodmadaan 2015-04-14T11:59:40Z https://community.splunk.com/t5/Splunk-Search/Can-I-get-the-raw-events-Results-of-the-search-in-an-Alert-Email/m-p/134484#M36757 <P><STRONG>you can get raw events</STRONG>. Let suppose You create an alert that send an email when the word <STRONG>error</STRONG> is find for the last 1 hours and it would send an email when found. <BR /> Here is the query with the <STRONG>_internal</STRONG> index: <CODE>index=_internal "error"</CODE> . A search like this will provide <STRONG>events</STRONG>, that you can decide to get in your <STRONG>mail</STRONG> the same way you get it in splunk web when simply type the query, by silply include <STRONG>raw events</STRONG> when configuring your email action. </P> Tue, 14 Apr 2015 12:26:48 GMT https://community.splunk.com/t5/Splunk-Search/Can-I-get-the-raw-events-Results-of-the-search-in-an-Alert-Email/m-p/134484#M36757 stephanefotso 2015-04-14T12:26:48Z https://community.splunk.com/t5/Splunk-Search/Can-I-get-the-raw-events-Results-of-the-search-in-an-Alert-Email/m-p/134485#M36758 <P>Gotcha! Sorry I got confused.<BR /> Thank you so much for you answer <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> Tue, 14 Apr 2015 15:03:10 GMT https://community.splunk.com/t5/Splunk-Search/Can-I-get-the-raw-events-Results-of-the-search-in-an-Alert-Email/m-p/134485#M36758 vinodmadaan 2015-04-14T15:03:10Z