Solved: Different view in email inline table and CSV attac...

Pawel1 · ‎03-15-2023

Hello. So I'm trying to create a report which will send a daily email.

I'm using the action "Send Email" to send the report.

In there I have two options set:

- Inline Table

- Attach CSV

My question is. Can I for example have the "Inline Table" limited to lets say 10 top results?

The thing what I want to achieve here, is to have a short summary in the e-mail body (the 10 top results) and the full search result in the CSV file (which can have hundreds of rows)

Is this even possible in this one action?

PickleRick · ‎03-15-2023

Expanding on @richgalloway 's answer - the sendemail.py script which is responsible for sending the results simply renders the given result set into one format or another but it doesn't process them in any additional way. So the behaviour you describe is not possible at the moment.

View solution in original post

PickleRick · ‎03-15-2023

Expanding on @richgalloway 's answer - the sendemail.py script which is responsible for sending the results simply renders the given result set into one format or another but it doesn't process them in any additional way. So the behaviour you describe is not possible at the moment.

richgalloway · ‎03-15-2023

The inline table and the attached CSV will contain the same results - those produced by the report. Go to https://ideas.splunk.com to make a case for alternatives.

---
If this reply helps you, Karma would be appreciated.

Different view in email inline table and CSV attachement

other

scheduled search

Introducing Splunk Enterprise 9.2

Adoption of RUM and APM at Splunk

Routing logs with Splunk OTel Collector for Kubernetes