Hello Elastic Team Member
We have configured an alert from a saved search. The job runs every 15 minutes over 15 minutes of query history to retrieve document information.
How can I space out each document entry response when the saved search has more than one response?
This is what I get. No spaces.
- Event_Time: 2024-07-23T18:20:00.695Z
- Eventcode: 33205
- Hostname:
- Audit Object Name: CONTSS1_23
- Audit Statement: TRUNCATE TABLE CONTSS1_23
- Audit Database Name: dpa_repository
- Username: dpa
- Audit Event Type: change
- Audit Outcome: success
- Event_Time: 2024-07-23T18:20:00.585Z
- Eventcode: 33205
- Hostname:
- Audit Object Name: CONTSS1_17
- Audit Statement: TRUNCATE TABLE CONTSS1_17
- Audit Database Name: dpa_repository
- Username: dpa
- Audit Event Type: change
- Audit Outcome: success
- Event_Time: 2024-07-23T18:20:00.538Z
-
- Audit Database Name: dpa_repository
- Username: dpa
- Audit Event Type: change
- Audit Outcome: success
Here is my email connector body config.
{{#context.hits}}
- Event_Time: {{_source.@timestamp}}
- Eventcode: {{_source.event.code}}
- Hostname: {{_source.hostname}}
- Audit Object Name: {{_source.sqlserver.audit.object_name}}
- Audit Statement: {{_source.sqlserver.audit.statement}}
- Audit Database Name: {{_source.sqlserver.audit.database_name}}
- Username: {{_source.user.name}}
- Audit Event Type: {{_source.event.type}}
- Audit Outcome: {{_source.event.outcome}}
{{/context.hits}}
Thanks for any help! Dune
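The following is an added example, not code from the original post or from Elastic. It renders the poster's Mustache body template with a small constructed Mustache-subset renderer (sections over lists and dotted variable lookup, with standalone section tags removed together with their line break, as Mustache does) against two constructed hits. It shows why the hits come out back to back, and that a blank line placed inside the `{{#context.hits}}` section, just before `{{/context.hits}}`, produces an empty line after every hit. The sample hit values, the renderer and the function names are all assumptions made for this example; the Kibana email connector's own rendering is not reproduced here.

```python
import re

# Constructed sample context, shaped like the context.hits array the posted
# template iterates over. The values are invented for this example.
SAMPLE_CONTEXT = {
    "context": {
        "hits": [
            {"_source": {
                "@timestamp": "2024-07-23T18:20:00.695Z",
                "event": {"code": 33205, "type": "change", "outcome": "success"},
                "hostname": "",
                "sqlserver": {"audit": {
                    "object_name": "CONTSS1_23",
                    "statement": "TRUNCATE TABLE CONTSS1_23",
                    "database_name": "dpa_repository"}},
                "user": {"name": "dpa"}}},
            {"_source": {
                "@timestamp": "2024-07-23T18:20:00.585Z",
                "event": {"code": 33205, "type": "change", "outcome": "success"},
                "hostname": "",
                "sqlserver": {"audit": {
                    "object_name": "CONTSS1_17",
                    "statement": "TRUNCATE TABLE CONTSS1_17",
                    "database_name": "dpa_repository"}},
                "user": {"name": "dpa"}}},
        ]
    }
}

# The field lines exactly as they appear in the posted template.
FIELDS = """- Event_Time: {{_source.@timestamp}}
- Eventcode: {{_source.event.code}}
- Hostname: {{_source.hostname}}
- Audit Object Name: {{_source.sqlserver.audit.object_name}}
- Audit Statement: {{_source.sqlserver.audit.statement}}
- Audit Database Name: {{_source.sqlserver.audit.database_name}}
- Username: {{_source.user.name}}
- Audit Event Type: {{_source.event.type}}
- Audit Outcome: {{_source.event.outcome}}
"""

# Template as posted: the section body ends right after the last field line,
# so the next hit starts on the very next line.
ORIGINAL_TEMPLATE = "{{#context.hits}}\n" + FIELDS + "{{/context.hits}}\n"

# Same template with one blank line at the end of the section body, so every
# rendered hit is followed by an empty line.
SPACED_TEMPLATE = "{{#context.hits}}\n" + FIELDS + "\n{{/context.hits}}\n"

# A section tag standing alone on its line is removed together with its line
# break (Mustache "standalone tag" rule); this is why the posted template does
# not get a blank line for free from the tag lines themselves.
SECTION_RE = re.compile(r"^\{\{#([\w.@]+)\}\}\n(.*?)^\{\{/\1\}\}\n?", re.M | re.S)
VAR_RE = re.compile(r"\{\{([\w.@]+)\}\}")


def lookup(ctx, path):
    """Resolve a dotted name such as _source.event.code; missing keys give ''."""
    cur = ctx
    for part in path.split("."):
        if not isinstance(cur, dict) or part not in cur:
            return ""
        cur = cur[part]
    return cur


def render(template, ctx):
    """Render list sections and variables of a minimal Mustache subset (assumed here)."""
    def expand(m):
        items = lookup(ctx, m.group(1))
        if not isinstance(items, list):
            items = []
        # Each list item becomes the context for one copy of the section body.
        return "".join(render(m.group(2), item) for item in items)

    expanded = SECTION_RE.sub(expand, template)
    return VAR_RE.sub(lambda m: str(lookup(ctx, m.group(1))), expanded)


def render_original():
    return render(ORIGINAL_TEMPLATE, SAMPLE_CONTEXT)


def render_spaced():
    return render(SPACED_TEMPLATE, SAMPLE_CONTEXT)


if __name__ == "__main__":
    print(render_original())
    print("=" * 40)
    print(render_spaced())
```

The original template renders the two hits as eighteen consecutive `- ` lines; the spaced template puts an empty line between them. Since the email body is treated as Markdown-style text, an empty line is what breaks the run of list items apart, whereas a single newline keeps them in one list. A visible separator line (for example a line of dashes) inside the section would work the same way.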