Reporting
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

email "To" list from search results

rv6abob
Engager
‎09-30-2010 05:55 PM

Any way to make a scheduled searches "To" list be a result field from a search?

Tags (2)
0 Karma
Reply

Lowell
Super Champion
‎09-30-2010 07:17 PM

I tried some other "tricks" but nothing seemed acceptable. I'm fairly confident you could do something like this using map. Something like:

 <email lookup search> | stats values(email) as to | eval to=mvjoin(to, ",") | map search=" <the real search> | sendemail to=\"$to$\""`

But that gets pretty ugly really quick (especially if you have many double quotes), and there are other limitations too.

I think the only real answer is to make your own email sending search command that can be told to use some sort of field substitution within the "to" field. Which admittedly would be nice and I could that that being helpful for other fields too, like the subject line.

If you want to go down that road, be sure to check out the existing sendemail search command. You can find the existing code here: $SPLUNK_HOME/etc/apps/search/bin/sendemail.py It's probably a better idea to copy this instead of modifying the existing one since it will be overwritten by any splunk upgrades.

Reply
Get Updates on the Splunk Community!

Index This | I’m short for "configuration file.” What am I?

May 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with a Special ...

New Articles from Academic Learning Partners, Help Expand Lantern’s Use Case Library, ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Your Guide to SPL2 at .conf24!

So, you’re headed to .conf24? You’re in for a good time. Las Vegas weather is just *chef’s kiss* beautiful in ...