- Splunk Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Re: How to use the sendemail command to send resul...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi splunkers !!! Need help.
I used eval to create a field with the email address for some users:
search myquery.... | fields username, result | eval mail=username+"@mydomain.com"
|sendemail to=mail subject="Splunk is wathing you" sendresults=true
inline=true priority=normal
But it's not working.
In python.log
I want to send emails for all users from my search with specific results for every username from the search.
Is it possible? Can I use "mail" field like variable?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
As a test, configure your Search Head to use gmail like this:
http://blogs.splunk.com/2014/06/27/splunk-alerts-using-gmail-twitter-phone-calls-and-much-more/
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I must to use internal email server
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Did you ever get this to work?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It's pretty simple, don't even need to use map command. Just enable send email alert action and in to: field set $result.email$ (email - depend upon your field name in Splunk result) and select trigger "for each result". Email will be send to the respective email address for each line of result.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It's a good way but I still have one problem.
my search | stats count(filename) AS files, sum(size) AS TotalMb by user| sort -TotalMb | eval email=user."@mydomai.com"
| table user, files, TotalMb, email | head 2
| sendemail to=$email$ from=$splunk@mydomain.com$ subject="Big files" sendresults=true inline=true priority=normal server="mail.server" message="TEST"
Result is emailed for each user with the same table:
1 user1, 123, 506Mb, user1@mydomai.com
2 user2, 234, 26Mb, user2@mydomai.com
But I need a separate email:
Email1 to user1@mydomai.com
1 user1, 123, 506Mb, user1@mydomai.com
Email2 to user2@mydomai.com
2 user2, 234, 26Mb, user2@mydomai.com
I have tried:
| map search="sendemail to=$email$ from=$splunk@mydomain.com$ subject="Big files" sendresults=true inline=true priority=normal server="mail.server" message="TEST""
but each user receives email with "No results found"
Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...
Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer Certification at ...
Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...
