Re: SendEmail command to send to different emails

nols76 · ‎01-09-2019

Hello all. New to splunk. How can I perform a SendEmail for each log that comes in, which will have a different email address for each?

 index=wm_xsp_cad host=vxxx0u8997 "inactive team" index=wm_xsp_cad host=vxxx30u8997 "Inactive team"|table TeamEmail, ECI, CADesc | eval valueForToHeader=TeamEmail | sendemail 
   sendresults=true inline=true
   to= ????
    Subject=\"$CADesc\$\" 
     From="james@jL.com"

     Subject="hello"
     server= localhost
     graceful=false

nols76 · ‎01-17-2019

Thank you, this is helpful

Yorokobi · ‎01-09-2019

Take a look at the Sendresults search command: https://splunkbase.splunk.com/app/1794/

nols76 · ‎01-09-2019

Making some progress with this however I need assistance with sending one email per record, rather than one email for all the records?

index=wm_xsp_cad host=vxxx0u8997 "inactive team" index=wm_xsp_cad host=vxxx30u8997 "Inactive team"|table TeamEmail, ECI, CADesc | eval valueForToHeader=TeamEmail | sendemail 
  sendresults=true inline=true
  to= ????
   Subject=\"$CADesc\$\" 
    From="james@jL.com"

    Subject="hello"
    server= localhost
    graceful=false

SendEmail command to send to different emails

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk

.conf24 | Personalize your .conf experience with Learning Paths!

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...