Alert report - columns not ordered by table comma...

brdr · ‎07-02-2018

Hello,

Is there a way to guarantee the columns order in which they are defined by the last command (table) in the search that generates the report/alert? NOTE: I'm formatting the results using inline table.

As always, thank you.

Azeemering · ‎07-02-2018

The table command returns a table that is formed by only the fields that you specify in the arguments. Columns are displayed in the same order that fields are specified. Column headers are the field names. Rows are the field values. Each row represents an event.

Example SPL:

Index=farmanimals | table cows, chickens, pigs it will display the table also in that order.
Is it not the case with your query?

AllenZhang · ‎04-26-2021

In my case,

index=example | table SID Auto Manual Total

Everything looks fine on web. However in email as inline, it shows:

Auto Total SID Manual

AllenZhang · ‎04-22-2021

I just noticed the same issue.

it's fine as search result.

But not in the same order in the email as inline table received by scheduled report.

brdr · ‎07-02-2018

No it is not. In my search that makes up the alert I have this as the last line:

| table 1 2 3 4 5 6 7

The inline table results I receive via email has them in this order:

7 1 2 3 5 4 6

n0vsec · ‎09-16-2020

Were you able to resolve this?

Alert report - columns not ordered by table command

Building Reliable Asset and Identity Frameworks in Splunk ES

Cloud Monitoring Console - Unlocking Greater Visibility in SVC Usage Reporting

Automatic Discovery Part 3: Practical Use Cases

Are you a member of the Splunk Community?

Alert report - columns not ordered by table command

Building Reliable Asset and Identity Frameworks in Splunk ES

Cloud Monitoring Console - Unlocking Greater Visibility in SVC Usage Reporting

Automatic Discovery Part 3: Practical Use Cases