Re: Email Alert

nebyouadane · ‎12-10-2013

GM
I created an email alert, but my result comes back with the query and error code or it says "A PDF snapshot has been generatedm for the view" I would like to get a table or a chart in the email. I'm using Splunk Enterprise 5.0.5. this is for Failed Login Alert, below you see the query I wrote. I get the right result on splunk but not in my email.

(eventtype=msad-failed-user-logons | fields src_host,src_ip,src_nt_domain,user | eval src_ip=replace(src_ip,"::ffff:","") | ip-to-host | stats values(src_nt_domain) AS "Domain(s)", count AS Count, values(src_host) AS "Host(s)", values(src_ip) AS "IP(s)", sparkline AS "Failure activity" by user | sort -Count | rename user as "Username"
)

nebyouadane · ‎12-10-2013

Thanks, it worked

kristian_kolb · ‎12-10-2013

did you read this?

http://docs.splunk.com/Documentation/Splunk/5.0.5/Alert/Definescheduledalerts

or this;

http://docs.splunk.com/Documentation/Splunk/5.0.5/Alert/Setupalertactions

nebyouadane · ‎12-13-2013

Thanks, it worked

Email Alert

Unleash Unified Security and Observability with Splunk Cloud Platform

Splunk AppDynamics with Cisco Secure Application

New Splunk Innovations Enhance Performance and Accelerate Troubleshooting