How do I include the search results in the scheduled search email?

Comments

4 comments

  • Avatar
    Kumar Saurabh

    hi Joe, 

    Can you share the query that you are using - I am wondering if it is a simple search expression, or if you are doing some kind of aggregation in the query. 

    thanks!

    kumar

    0
    Comment actions Permalink
  • Avatar
    Joe Zulli

    Hi Kumar,

    Yes, I am definitely doing an aggregation. It worked before though.... I suppose I don't need it, though it is nice for when I run the query by hand. Do I need to take it out? Here's the exact query:

    (((_source=application AND exception OR "[ERROR]") AND !"from android") AND !"from ios") AND !_sourceCategory=Grocery/CloudFront AND !_sourceCategory=Grocery/Chef | timeslice by 30m | count by _timeslice

     

     

    0
    Comment actions Permalink
  • Avatar
    Bradley Peterson

    I can confirm this.  Before Jan 8 my search alerts had a "Most recent results" section, but after the 8th it's missing.  They are aggregated searches.

    0
    Comment actions Permalink
  • Avatar
    Kumar Saurabh

    Yeah, if you can try this without the aggregation operators in the scheduled search - that would do the trick. you can save the search with aggregate query so that its available if/when you need it..

     

    best,

    kumar

    0
    Comment actions Permalink

Please sign in to leave a comment.