Alerting

I've defined an alert to be emailed, but how do I attach a CSV file of the results?

huaraz
Explorer

Hi,

I have defined an alert to be emailed to me, but I do not see an option to attach the CSV file of the result. What do I have to do to add the result without writing a script?

The only option I see is to add sendemail at the end of the search and ignore the alert email settings.

Thank you
Markus

0 Karma

chimell
Motivator

Hi huaraz,
in version 6.1.4 there is an option for CSV.
Make a search and save it as an alert by following these steps:
1) In the Title field, give your alert name
2) Click on Schedule in the Alert time field, then go to next
3) Check the Send Email field
4) Fill in the options that you will see
5) In the Include field you will see Attach CSV; check it and save your alert

0 Karma

matthieu_araman
Communicator

Hello,

If you save a search in the search bar, the CSV option should be more visible (as described above).

If you go via saved searches, after you enable the email action, you've got to click just below on "click to select email action" (it's in blue with narrow policy so easy to miss) to find the interface where you can select CSV to be attached.

0 Karma

huaraz
Explorer

I don't know what I do differently, but when I save a search I can modify it as shown here:

http://picpaste.com/image-0001-z7YEBF1S.jpg

and

http://picpaste.com/image-0002-JZ4uA2bG.jpg

I have no include option
Markus

0 Karma

matthieu_araman
Communicator

The links on picpaste no longer exist...

0 Karma

somesoni2
SplunkTrust

You do have the option to select the version of Splunk in a dropdown in the top right corner of the documentation. Here is the link to the same documentation for version 6.1.4:
http://docs.splunk.com/Documentation/Splunk/6.1.4/Alert/Setupalertactions

huaraz
Explorer

I do not see that option in 6.1.4 (despite the documentation)

Screenshot
http://picpaste.com/Alert-lQuHXnby.png

Markus

0 Karma

jbouch03
Path Finder

What version of Splunk are you using? In 6.2 there is an option for CSV under the email alert settings. See attached screenshot:
Are you trying to send a different CSV file than what is produced by the alert results?

0 Karma

huaraz
Explorer

I forgot to say I run version 6.1.4

Markus

0 Karma