Can't format result columns in email alert

Comments

2 comments

  • Avatar
    Graham

    Hi Mike,

    Can you share a sample query here? I would suggest the Fields operator to list only the fields that you want as the columns in the results of the Scheduled Search.

    1
    Comment actions Permalink
  • Avatar
    David Micallef

    I have a similar problem with the csv produced my scheduled search. I have used the fields operator as follows to exclude the Message, Host, Name, and Category data from my search results:

    | fields - _raw, _source, _sourceCategory, _sourceHost, _sourceName

     

    However, the csv includes empty columns for Message, Host, Name, and Category. Screen shot posted below. Is it possible to remove these columns from the csv report?

    0
    Comment actions Permalink

Please sign in to leave a comment.