Alerting

I've defined an alert to be emailed, but how do I attach a CSV file of the results?

Explorer

Hi,

I have defined an alert to be emailed to me, but I do not see an option to attach the csv file of the result. What do I have to do to add the result without writing a script.

The only option I see is to add sendemail at the end of the search and ignore the alert email settings.

Thank you
Markus

Tags (3)
0 Karma

Motivator

Hi huaraz
in version 6.1.4 there is an option for CSV
make a search save it as an alert by following these step
1) in Title field give your alert name
2) click on Schedule in Alert time field then to next
3) Check a field Send Email
4) Fill the option that you will see
5) In Include field you will see Attach CSV check it and save your alert

0 Karma

Communicator

Hello,

if you save a search in the serch bar, the csv option should be more visible.(as describe above)

if you go via saved searches, after you enable email action, you've got to click just below on "click to select email action" (it's in blue with narrow policy so easy to miss) to find out the interface where you can select csv to be attached.

0 Karma

Explorer

I don't know what I do different, but when I save a search I can modify it as shown here:

http://picpaste.com/image-0001-z7YEBF1S.jpg

and

http://picpaste.com/image-0002-JZ4uA2bG.jpg

I have no include option
Markus

0 Karma

Communicator

links on picpaste no longer exists...

0 Karma

SplunkTrust
SplunkTrust
0 Karma

SplunkTrust
SplunkTrust

You do have option to select the version of splunk in a dropdown in the right top corner of the documentation. Here is the link for same documentation for version 6.1.4
http://docs.splunk.com/Documentation/Splunk/6.1.4/Alert/Setupalertactions

Explorer

I do not see that option in 6.1.4 (despite the documentation)

Screenshot
http://picpaste.com/Alert-lQuHXnby.png

Markus

0 Karma

Path Finder

What version of Splunk are you using? In 6.2 there is an option for CSV under the email alert settings. See attached screenshot:
Are you trying to send a different CSV file then what is produced by the alert results?

alt text

0 Karma

Explorer

I forgot to say I run version 6.1.4

Markus

0 Karma