Alerting
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Splunk alert - querying a lookup to send mails to respective id, with complete row information

Le
Observer
‎02-22-2024 03:36 AM

I have a lookup file like below, the query should send mails to each person with that respective row information. and if mail1 column is empty, then query should consider mail2 column value to send mails. and if mail2 column is empty, the query should consider mail3 column value to send mail. and if mail1, mail2 are empty then query should consider mail3 column value to send mail.

Empoccupationlocationfirstmailsecondarymailthirdmail
abcaaahhhaa@mail.comgg@mail.com
defghjkggggbb@mail.comff@mail.com
ghilmoiiii hh@mail.com
jklprejjj  dd@mail.com
mnoswqkkkaa@mail.comii@mail.com

 

example, aa@mail.com..should receive mail like below in tabluar format

Empoccupationlocationfirstmailsecondarymailthirdmail
abcaaahhhaa@mail.comgg@mail.com
mnoswqkkkaa@mail.comii@mail.com

 

so likewise query should read complete table and send mails to persons individually....containing that specific row information in tabluar format. Please help me with the query and let me know incase of any clarification on the requirement.

Labels (1)
Labels
0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎02-22-2024 06:27 AM

You could construct your search so that each row has a field with the name of the recipients. Then set up the alert so that it triggers for every result. Then use the $row.field$ token as the recipient in the trigger action.

Note that this will mean that the recipients will get multiple emails if their address appears in more than one row of the report.

0 Karma
Reply

Le
Observer
‎02-22-2024 06:50 PM

Thank you for it but i need one mail to be sent though a recipient has multiple rows of data.

0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎02-23-2024 01:19 AM

In that case, gather all the information for each user into a single row for that user or submit an idea to Splunk to try to get the functionality changed.

0 Karma
Reply
Get Updates on the Splunk Community!

Index This | I’m short for "configuration file.” What am I?

May 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with a Special ...

New Articles from Academic Learning Partners, Help Expand Lantern’s Use Case Library, ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Your Guide to SPL2 at .conf24!

So, you’re headed to .conf24? You’re in for a good time. Las Vegas weather is just *chef’s kiss* beautiful in ...