Let's let say that I have am alert rule that if the number of failured Windows logins exceed three in 15 minutes. I believe that the alert is sent to my email but I can't figure out how to send a PDF in the alert that has the possible hosts that are applicable, the only useless message displayed in the rule has been listed I telling users to log in to Splunk ( which they can't) they are end users at remote facilities that do not have that access. Anyone ever done this because I could really use you help.
M
thx
Edit your alert and click the link to edit actions. Under "Enable Actions", check the "Enable Email" box and you should see a selection of items to include in the alert. Select "Attach PDF" and click Save.