Re: How to avoid separation lines in email inline ...

langhorn · ‎11-14-2018

After we upgraded from version 6.3.X to 6.6.11 we see that inline tables in emails appear with a separation line between rows. That did not happen in 6.3.X.
Is there a way to avoid them in email inline tables?

langhorn · ‎11-18-2018

Thanks Laurie for your response.

The search itself ends with the lines below and the results are sent by email. The data are sent as an inline table in the email, as plain text.

....| table host TYPE MID DATX date_mday date_hour COUNT |
sort TYPE date_mday date_hour MID

When I run the search itself directly in Splunk Search App, there are no separation lines displayed and they are not in the raw data.
The separation lines are clearly added by Splunk.
The problem with them is that they look horrible in some mail clients when the lines are very long and the text is wrapped around.

laurie_gellatly · ‎11-19-2018

OK, so now the question becomes what is actually doing the emailing?
How are you turning this search into an email?

langhorn · ‎11-19-2018

I am using the send email Trigger Action inside Edit Alert.
When the alert is triggered an email is sent and the data is added as an inline table.

I am not using the sendemail SPL command.

laurie_gellatly · ‎11-18-2018

A bit more context here would help.
How is the data being displayed.
Are the lines in the raw logs now?
...

How to avoid separation lines in email inline tables?

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

Industry Solutions for Supply Chain and OT, Amazon Use Cases, Plus More New Articles ...

Enterprise Security Content Update (ESCU) | New Releases