How to hidden a certain fields value in an Inline table in email alert?



My alert produces a table like this:


_time1 |3  |file1.csv  |SUCCESS
_time2 |5  |file2.csv  |DATA_ERROR



I want to send an Inline table that only contains STATUS=DATA_ERROR. But in the body of the email, I still want to use the token $result.Time$ and $result.FILE_NAME$ from the STATUS=SUCCESS.
Email body example:

1. File name success detail:

File name: file1.csv
Effective time: _time1

2. Data error detail:


5  |file2.scv        |DATA_ERROR

So it's basically, hide the STATUS=SUCCESS row- but still use its values in the token email.

Thank you in advance

Labels (2)
0 Karma
Get Updates on the Splunk Community!

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Splunk Education believes in the value of training and certification in today’s rapidly-changing data-driven ...

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

As security threats and their complexities surge, security analysts deal with increased challenges and ...

Observability Highlights | January 2023 Newsletter

 January 2023New Product Releases Splunk Network Explorer for Infrastructure MonitoringSplunk unveils Network ...