Alerting
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to include report in alert search?

cbiraris
Path Finder
‎01-16-2023 02:28 AM

Hi Team,

I am looking for the help to send Report. 

I have a scheduled report which is running every hour.

can you please advise with search query. if I create new alert and  if alert trigger, scheduled report should be sent to recipients.

I am aware about the CSV/ PDF attached. looking for something like to send scheduled report as result for notification if alert triggered .



Labels (1)
Labels
0 Karma
Reply

scelikok
SplunkTrust
SplunkTrust
‎01-16-2023 02:49 AM

Hi @cbiraris ,

You can just use 

 

index= abc sourcetype = ZXY "Error500" |table _time, _raw

 

in your alert query and set a trigger condition if the result count is greater than zero. If the query returns something you will get the results.

If this reply helps you an upvote is appreciated.
0 Karma
Reply

gcusello
Esteemed Legend
‎01-16-2023 02:32 AM

Hi @cbiraris,

sorry: what's the difference between attach pdf/csv file to an alert or schedule a report?

what's the additional feature that you see in scheduled report?

in both cases, if you have results, you send an email containing as attachement the report.

Ciao.

Giuseppe

0 Karma
Reply

cbiraris
Path Finder
‎01-16-2023 02:41 AM

I am looking something like,

If the alert trigger with query suppose-

Index= abc sourcetype = ZXY "Error500" |stats count| where count >0

and suppose, I have a scheduled report name -- Error500 with below query

Index= abc sourcetype = ZXY "Error500" |table _time, _raw

so, if the alert trigger, then it should send out the report called Error500 ? is it possible ?

any other solution please guide me.
-----------------------------

the issue I am facing is, if use stats count it sending count only and with table it sending events logs.
and I want if it trigger it should send event log.

Thank you.




Tags (1)
0 Karma
Reply

gcusello
Esteemed Legend
‎01-16-2023 02:47 AM

Hi @cbiraris,

if the report that you want to send is the same of the alert (as in your example) attaching pdf/csv file, when the alert is triggered, you send the report to the recipents.

Or do you want something different?

Ciao.

Giuseppe

0 Karma
Reply

cbiraris
Path Finder
‎01-16-2023 02:49 AM

Yes, I want to send different report.

0 Karma
Reply

gcusello
Esteemed Legend
‎01-16-2023 03:59 AM

Hi @cbiraris,

the solution is the one hinted by @scelikok .

you use in the alert the search of the report and use as trigerr condition results>0.

Ciao.

Giuseppe

0 Karma
Reply
Get Updates on the Splunk Community!

Devesh Logendran, Splunk, and the Singapore Cyber Conquest

At this year’s Splunk University, I had the privilege of chatting with Devesh Logendran, one of the winners in ...

There's No Place Like Chrome and the Splunk Platform

WATCH NOW!Malware. Risky Extensions. Data Exfiltration. End-users are increasingly reliant on browsers to ...

Customer Experience | Join the Customer Advisory Board!

Are you ready to take your Splunk journey to the next level? 🚀 We invite you to join our elite squad ...