I have a Splunk query that results in a table. While creating an alert, it just sends the first row of the results, so we are missing the remaining results. In order to address this, I wanted to combine the results into one row or message to be sent.
QUERY:
| inputlookup gtsnet.csv | fields "dataset_name" | search NOT [search index = asvdataintegration source=piedpiper sts_asvdataintegration_symphony_lambda_clewriter_events | search event.proc_stat_cd = "SCSS" AND event.evt_dtl.EventDesc = "workflow_found" AND event.module_response.requester = "_SUCCESS" AND event.s3_location = "*s3://cof-data-*/*/lake/gtsnet*" AND "event.module_name"=LAMBDA | rename event.regrd_dataset_nm as dataset_name | table dataset_name | format]
Current Format:
Expected Format:
| stats list(dataset_name) as dataset_name
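As an added illustration (not part of the original answer or the asker's search), the following self-contained SPL search builds a few constructed sample rows with makeresults and then collapses them into a single row. It shows the stats list() approach from the answer alongside the values()/mvjoin variant, which deduplicates the dataset names and produces one string field that an alert action can reference. The dataset names are constructed sample values, not data from the original lookup.

```spl
| makeresults count=4
| streamstats count as n
| eval dataset_name = case(n=1, "gtsnet_accounts", n=2, "gtsnet_customers", n=3, "gtsnet_accounts", n=4, "gtsnet_transactions")
| fields - _time n
| stats list(dataset_name) as dataset_list, values(dataset_name) as dataset_unique, count as missing_count
| eval alert_message = "Missing " . missing_count . " dataset rows: " . mvjoin(dataset_unique, ", ")
| table missing_count dataset_list dataset_unique alert_message
```

The first four lines stand in for the lookup-minus-index search and can be replaced by the original query. stats list() keeps every row in order (including the duplicate gtsnet_accounts), while values() returns the distinct names sorted; mvjoin turns the multivalue field into one comma-separated string. Because the search now returns exactly one row, the alert no longer drops results, and the alert action can include the full list with the $result.alert_message$ token.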
Thanks a lot, it worked!!!