Solved: Re: Column Order in Email Alerts

enielson · ‎06-22-2010

Column order (in HTML table output format) in email alerts seems to be decided by splunk, ignoring the order in the "fields" command.

Is it possible to specify which order they are in?

the_wolverine · ‎06-22-2010

Which version are you reporting this for?

CSV columns should work properly but html column sort is broken. It will be fixed in 4.1.4.

View solution in original post

gkanapathy · ‎06-22-2010

The order is in order of length of the longest field value per field. It is not configurable other than by editing the $SPLUNK_HOME/etc/apps/search/sendemail.py script. (In 4.1.3 and prior.)

View solution in original post

assaftoval · ‎08-14-2012

The suggested addition 'width_sort_columns = 0' is not working.
I'm using 4.3.2 and verified format = text, still no good.

Any other ideas?

Masa · ‎02-10-2012

Good news!
In 4.3, we added an attribute in alert_actions.conf to keep order of fields.
Please check a spec file, alert_actions.conf.spec



[email]

width_sort_columns = 

    * Whether columns should be sorted from least wide to most wide left to right.

    * Valid only if format=text

    * Defaults to true

So, if you add this attribute to alert_actions.conf ( generally found in etc/system/local )

[email]
width_sort_columns = 0

We cannot select this option through WebGUI.

gkanapathy · ‎06-22-2010

The order is in order of length of the longest field value per field. It is not configurable other than by editing the $SPLUNK_HOME/etc/apps/search/sendemail.py script. (In 4.1.3 and prior.)

the_wolverine · ‎06-22-2010

Which version are you reporting this for?

CSV columns should work properly but html column sort is broken. It will be fixed in 4.1.4.

enielson · ‎06-22-2010

Thanks for the info.

I am using 4.1.2.

Column Order in Email Alerts

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!

New in Observability Cloud - Explicit Bucket Histograms