Alert report - columns not ordered by table command



Is there a way to guarantee the columns order in which they are defined by the last command (table) in the search that generates the report/alert? NOTE: I'm formatting the results using inline table.

As always, thank you.


The table command returns a table that is formed by only the fields that you specify in the arguments. Columns are displayed in the same order that fields are specified. Column headers are the field names. Rows are the field values. Each row represents an event.

Example SPL:

Index=farmanimals | table cows, chickens, pigs it will display the table also in that order.
Is it not the case with your query?

0 Karma


No it is not. In my search that makes up the alert I have this as the last line:

| table 1 2 3 4 5 6 7

The inline table results I receive via email has them in this order:

7 1 2 3 5 4 6

0 Karma


Were you able to resolve this?

0 Karma