Re: Alert report - columns not ordered by table c...

brdr · ‎07-02-2018

Hello,

Is there a way to guarantee the columns order in which they are defined by the last command (table) in the search that generates the report/alert? NOTE: I'm formatting the results using inline table.

As always, thank you.

Azeemering · ‎07-02-2018

The table command returns a table that is formed by only the fields that you specify in the arguments. Columns are displayed in the same order that fields are specified. Column headers are the field names. Rows are the field values. Each row represents an event.

Example SPL:

Index=farmanimals | table cows, chickens, pigs it will display the table also in that order.
Is it not the case with your query?

AllenZhang · ‎04-26-2021

In my case,

index=example | table SID Auto Manual Total

Everything looks fine on web. However in email as inline, it shows:

Auto Total SID Manual

AllenZhang · ‎04-22-2021

I just noticed the same issue.

it's fine as search result.

But not in the same order in the email as inline table received by scheduled report.

brdr · ‎07-02-2018

No it is not. In my search that makes up the alert I have this as the last line:

| table 1 2 3 4 5 6 7

The inline table results I receive via email has them in this order:

7 1 2 3 5 4 6

n0vsec · ‎09-16-2020

Were you able to resolve this?

Alert report - columns not ordered by table command

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

May 2026 Splunk Expert Sessions: Security & Observability

Network to App: Observability Unlocked [May & June Series]

SPL2 Deep Dives, AppDynamics Integrations, SAML Made Simple and Much More on Splunk ...

Join the Conversation