How to filter the information in the Kibana Watcher attachment?

stack-reporting
stack-alerting

(Mr Getfit1234) #1

Hi,

I am using a Kibana watcher to send an email with attachments. The attachments will be of ".csv" format. I will need only two columns in the CSV (list of IPs), followed by the number of logs collected per IP.

Here is my code so far:

{
  "trigger": {
    "schedule": {
      "interval": "10h"
    }
  },
  "input": {
    "search": {
      "request": {
        "search_type": "query_then_fetch",
        "indices": [
          "custom-*"
        ],
        "types": [],
        "body": {
          "size": 0,
          "query": {
            "bool": {
              "must": [
                {
                  "range": {
                    "@timestamp": {
                      "gte": "now-30m"
                    }
                  }
                }
              ]
            }
          },
          "aggs": {
            "source_ip": {
              "terms": {
                "field": "SOURCEIP",
                "size": 2000
              }
            }
          }
        }
      }
    }
  },
  "condition": {
    "always": {}
  },
  "actions": {
    "send_email": {
      "transform": {
        "script": {
          "source": "return ctx.payload.hits",
          "lang": "painless"
        }
      },
      "email": {
        "profile": "standard",
        "attachments": {
          "data.csv": {
            "data": {
              "format": "yaml"
            }
          }
        },
        "to": [
          "myself@emailaddress.com"
        ],
        "subject": "TestEmail",
        "body": {
          "html": "testEmail "
        }
      }
    }
  }
}

How do I go about formatting the two columns in my csv attachment?


(Alexander Reelsen) #2

Hey,

Right now it is not possible to create a CSV-based attachment via the email attachment. You can choose YAML or JSON (you chose YAML in your example).

Hope this helps!

--Alex
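
Since the attachment can only be YAML or JSON, the two-column CSV can be produced afterwards from the JSON attachment. The following is an added example, not code from the thread or from Elastic; it assumes the attachment uses the JSON format and carries the search response's `aggregations.source_ip.buckets`, and the sample payload and function names are constructed for illustration. Because the keys come from log data, it also neutralises cells a spreadsheet would treat as formulas.

```python
import csv
import io
import ipaddress
import json

# Constructed sample: the shape of an Elasticsearch terms-aggregation response
# for the watch's "source_ip" aggregation (all values are made up).
SAMPLE_PAYLOAD = json.dumps({
    "aggregations": {"source_ip": {
        "sum_other_doc_count": 3,
        "buckets": [
            {"key": "10.0.0.5", "doc_count": 30},
            {"key": "192.168.1.20", "doc_count": 8},
            {"key": "=1+1", "doc_count": 1},
        ],
    }},
})


def neutralise(cell):
    """Prefix cells a spreadsheet would evaluate as a formula with a quote."""
    text = str(cell)
    return "'" + text if text[:1] in ("=", "+", "-", "@", "\t", "\r") else text


def buckets_to_csv(payload_json, agg_name="source_ip"):
    """Return (csv_text, uncounted_docs) for one terms aggregation."""
    payload = json.loads(payload_json)
    agg = payload.get("aggregations", {}).get(agg_name)
    if agg is None:
        raise ValueError(f"aggregation {agg_name!r} not in payload")
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    writer.writerow(["ip", "log_count"])
    for bucket in agg.get("buckets", []):
        key = str(bucket["key"])
        try:
            key = str(ipaddress.ip_address(key))   # normalise valid addresses
        except ValueError:
            key = neutralise(key)                  # log data is untrusted
        writer.writerow([key, int(bucket["doc_count"])])
    # Documents in buckets beyond the aggregation's "size" are not listed.
    return out.getvalue(), agg.get("sum_other_doc_count", 0)


if __name__ == "__main__":
    text, missed = buckets_to_csv(SAMPLE_PAYLOAD)
    print(text, end="")
    print(f"# {missed} documents fell outside the listed buckets")
```

A non-zero second return value means the aggregation's `size` (2000 in the watch above) cut off some source IPs, so the CSV is not a complete count.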

