Let's let say that I have am alert rule that if the number of failured Windows logins exceed three in 15 minutes. I believe that the alert is sent to my email but I can't figure out how to send a PDF in the alert that has the possible hosts that are applicable, the only useless message displayed in the rule has been listed I telling users to log in to Splunk ( which they can't) they are end users at remote facilities that do not have that access. Anyone ever done this because I could really use you help.
M
thx
↧