Action Type: Upload File

Security Requirements and Controls

The Upload File Action creates a CSV file from the events and uploads the file to LogScale in the repository/view of the action. The CSV file can then be used in the match().

You need to specify the file name for the CSV file.

Whenever the action triggers, the file is overwritten. This means that you need to ensure that the action receives all events necessary to populate the file, and not just changes since the action was last triggered.

We recommend that you use this action with a search that only returns the fields that you need as columns in the CSV file. This can, for instance, be achieved by using the select() query function.


This action requires the Change files permission for the user who is running the alert or scheduled search triggering this action.