I need to send an email based on an if condition, something like "if (value > 10) send an email", but I am not able to figure out how to do this. I am trying this with eval, but this only assigns the value to a variable (LoginQuality): "eval LoginQuality= if (AverageLoginTime >10, "More", "Less")". I need to change/modify this statement to send an email depending on the condition. Can someone help me with this?
Under Manager/Searches and Reports you can schedule your e-mails. This is a feature that varies quite a bit between versions. The later versions have better control over this.
I want to do this either from the search command or from a python script. From the search query/command, I get the AverageLoginTime value and based on this value I need to send the mail. So I am looking for some command like "if (AverageLoginTime > 10) send an email".
(27 May '12, 11:58)
hiteshkanchan
If sending mail based on a condition like "if (AverageLoginTime > 10) send an email" is not possible, then I tried using Manager/Searches and Reports. But it does not seem to send any mails. Any idea if I need to do any configuration?
(28 May '12, 04:18)
hiteshkanchan
There is a sendemail command:
| eval send=if(AverageLoginTime>10,"true","false") | search send="true" | sendemail {arg list}
http://docs.splunk.com/Documentation/Splunk/4.3.2/SearchReference/Sendemail
(29 May '12, 04:43)
fk319
Yes right, I am doing the same thing and getting some error like command="sendemail", [Errno 10060] A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond while sending mail to: "username@mail.com"
(29 May '12, 05:34)
hiteshkanchan
I have not personally done this, but another has on our system. I would expect that sendmail [on a unix system] must be accepting requests, well, at least on 127.0.0.1.
(29 May '12, 06:02)
fk319
If I understand your goal here, it's possible that an "advanced conditional alert" will suit your needs. Check out http://docs.splunk.com/Documentation/Splunk/4.2.3/User/SchedulingSavedSearches and search for the section "Define an advanced conditional alert". I think that using a conditional alert of the form
should get you close to what you want...
Yes, I am trying the same, but currently I am getting some error. "command="sendemail", [Errno 10061] No connection could be made because the target machine actively refused it while sending mail to: hitesh@domain.com"". Looks like some configuration issue. Kindly let me know if anyone has resolved this issue.
(30 May '12, 04:08)
hiteshkanchan
I am trying this command --> sendemail to="user@domain.com" sendresults=true server="proxy.com:8080" and it gives the error like --> "command="sendemail", Connection unexpectedly closed while sending mail to: user@domain.com"
(30 May '12, 04:38)
hiteshkanchan
You need to configure Splunk with a proper connection to a valid SMTP server. I doubt that
(07 Jun '12, 21:11)
dwaddle ♦
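The three failures reported in this thread can be told apart before changing any sendemail arguments. The following is an added example, not code from any poster or from Splunk: a Python probe that connects to the configured mail server and checks for the SMTP 220 greeting. The function name, the status labels and the host in the usage comment are assumptions made for illustration.

```python
import socket
import sys

def probe_smtp(host, port=25, timeout=5.0):
    """Classify what answers on host:port; returns (status, detail)."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        # Windows reports this as Errno 10060 (WSAETIMEDOUT)
        return "timeout", "no answer to the TCP connect; check routing and firewalls"
    except ConnectionRefusedError:
        # Windows reports this as Errno 10061 (WSAECONNREFUSED)
        return "refused", "nothing is listening on that port"
    except OSError as exc:
        return "error", str(exc)
    with sock:
        try:
            banner = sock.recv(512)  # an SMTP server speaks first
        except socket.timeout:
            return "silent", "port is open but sent no greeting; probably not SMTP"
        except OSError as exc:
            return "closed", str(exc)
    if not banner:
        return "closed", "peer closed the connection without a greeting"
    text = banner.decode("ascii", "replace").strip()
    if text.startswith("220"):
        return "ok", text
    return "not_smtp", text

if __name__ == "__main__":
    # Usage: python probe_smtp.py mail.example.test 25   (host is a placeholder)
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    target_port = int(sys.argv[2]) if len(sys.argv) > 2 else 25
    print(probe_smtp(target, target_port))
```

Run it from the Splunk server itself, since that is the machine that has to reach the mail server; only an "ok" result means the host and port are worth putting in server=.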
You can do this with a sub search. Check this out:
index="_internal" group="per_source_thruput" | search series!="_audit" | search series!="_internal" | eval GB=(kb/1024)/1024 | stats sum(GB) as Hourly_Indexed_GB | eval test=if(Hourly_Indexed_GB > 20.3 ,[| search index="_internal" group="per_source_thruput" | search series!="_audit" | search series!="_internal" | eval GB=(kb/1024)/1024 | stats sum(GB) as GB | table GB | sendemail to="email@somewhere.com" format=html subject=Splunk_License_warn server=Your_Mail_Server sendresults=true],"0" )
The gist of this is to include an if statement and place a sub search on the true or false clause of the if. The sub search uses the sendemail command to send you the results.
(07 Sep '12, 11:01)
romantercero