Alerting
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

I've defined an alert to be emailed, but how do I attach a CSV file of the results?

huaraz
Explorer
‎04-03-2015 08:49 AM

Hi,

I have defined an alert to be emailed to me, but I do not see an option to attach the csv file of the result. What do I have to do to add the result without writing a script.

The only option I see is to add sendemail at the end of the search and ignore the alert email settings.

Thank you
Markus

Tags (3)
0 Karma
Reply

chimell
Motivator
‎04-04-2015 04:56 AM

Hi huaraz
in version 6.1.4 there is an option for CSV
make a search save it as an alert by following these step
1) in Title field give your alert name
2) click on Schedule in Alert time field then to next
3) Check a field Send Email
4) Fill the option that you will see
5) In Include field you will see Attach CSV check it and save your alert

0 Karma
Reply

matthieu_araman
Communicator
‎04-29-2015 05:25 AM

Hello,

if you save a search in the serch bar, the csv option should be more visible.(as describe above)

if you go via saved searches, after you enable email action, you've got to click just below on "click to select email action" (it's in blue with narrow policy so easy to miss) to find out the interface where you can select csv to be attached.

0 Karma
Reply

huaraz
Explorer
‎04-04-2015 06:35 AM

I don't know what I do different, but when I save a search I can modify it as shown here:

http://picpaste.com/image-0001-z7YEBF1S.jpg

and

http://picpaste.com/image-0002-JZ4uA2bG.jpg

I have no include option
Markus

0 Karma
Reply

matthieu_araman
Communicator
‎04-28-2015 08:07 AM

links on picpaste no longer exists...

0 Karma
Reply

somesoni2
Revered Legend
‎04-03-2015 10:21 AM

This should get you going

http://docs.splunk.com/Documentation/Splunk/6.2.2/Alert/Setupalertactions#Configure_email_notificati...

0 Karma
Reply

somesoni2
Revered Legend
‎04-03-2015 11:24 AM

You do have option to select the version of splunk in a dropdown in the right top corner of the documentation. Here is the link for same documentation for version 6.1.4
http://docs.splunk.com/Documentation/Splunk/6.1.4/Alert/Setupalertactions

Reply

huaraz
Explorer
‎04-03-2015 12:10 PM

I do not see that option in 6.1.4 (despite the documentation)

Screenshot
http://picpaste.com/Alert-lQuHXnby.png

Markus

0 Karma
Reply

jbouch03
Path Finder
‎04-03-2015 10:11 AM

What version of Splunk are you using? In 6.2 there is an option for CSV under the email alert settings. See attached screenshot:
Are you trying to send a different CSV file then what is produced by the alert results?

alt text

Preview file
1 KB
0 Karma
Reply

huaraz
Explorer
‎04-03-2015 11:12 AM

I forgot to say I run version 6.1.4

Markus

0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...