https://community.splunk.com/t5/Reporting/Splunk-report-on-demand/m-p/556268#M9220 <P>Hi&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/225125">@SS1</a>&nbsp;</P><P>can be achieved if you have _audit index access to query it using Splunk Rest API and having mail functionality enabled.</P><P>&nbsp;</P><P>&nbsp;</P><LI-CODE lang="markup">#Step1 - Find the search_id of savedsearch index=_audit savedsearch_name=&lt;your_search_name&gt; earliest=-20m latest=now | field search_id | Rest API POST method -https://docs.splunk.com/Documentation/Splunk/8.2.0/RESTREF/RESTsearch#search.2Fjobs #Step2 get the results of step1 to retrieve search_id Rest API GET method -https://docs.splunk.com/Documentation/Splunk/8.2.0/RESTREF/RESTsearch#search.2Fjobs #Step3 retrieve the search job results of savedsearch REST API GET Method - https://docs.splunk.com/Documentation/Splunk/8.2.0/RESTREF/RESTsearch#search.2Fjobs.2F.7Bsearch_id.7D.2Fresults -&gt; output the results to a file #Step4 use the linux sendmail command to send results to your required email, assuming you have SMTP enabled in linux</LI-CODE><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;-----</P><P>An upvote would be appreciated and accept solution if it helps!</P> Fri, 18 Jun 2021 03:32:58 GMT venkatasri 2021-06-18T03:32:58Z https://community.splunk.com/t5/Reporting/Splunk-report-on-demand/m-p/556245#M9214 <P>Hi,</P><P>I have a report which is scheduled to run every day at 8 AM.&nbsp;</P><P>Is it possible to generate that report to email address X by executing a command via CLI ?</P> Thu, 17 Jun 2021 22:57:15 GMT https://community.splunk.com/t5/Reporting/Splunk-report-on-demand/m-p/556245#M9214 SS1 2021-06-17T22:57:15Z https://community.splunk.com/t5/Reporting/Splunk-report-on-demand/m-p/556257#M9217 <P>Hi&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/225125">@SS1</a>&nbsp;</P><P>Reports functionality having trigger action Email is one of the action if you want to enable then at 08 AM you will get Email. In UI go to Edit -&gt; schedule -&gt; trigger Actions -&gt; Email and fill in details required and check the additional options like send pdf, results etc.</P><P>Just wondering why you want to push it from CLI is this for ad-hoc basis rather than every days 08 AM?</P><P>Backed savedsearches.conf looks like this,</P><LI-CODE lang="markup">## cron is indicaive [your_saved_search_report_name] action.email = 1 action.email.sendpdf = 1 action.email.sendresults = 1 action.email.to = youremails@domain.com alert.track = 0 cron_schedule = 0 6 * * 1 enableSched = 1</LI-CODE><P>---</P><P>An upvote would be appreciated if it helps!</P> Fri, 18 Jun 2021 01:20:24 GMT https://community.splunk.com/t5/Reporting/Splunk-report-on-demand/m-p/556257#M9217 venkatasri 2021-06-18T01:20:24Z https://community.splunk.com/t5/Reporting/Splunk-report-on-demand/m-p/556260#M9218 <P>Just wanted to see if i can issue a command via CLI at 8:15 AM and generate that report ?</P> Fri, 18 Jun 2021 01:40:44 GMT https://community.splunk.com/t5/Reporting/Splunk-report-on-demand/m-p/556260#M9218 SS1 2021-06-18T01:40:44Z https://community.splunk.com/t5/Reporting/Splunk-report-on-demand/m-p/556268#M9220 <P>Hi&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/225125">@SS1</a>&nbsp;</P><P>can be achieved if you have _audit index access to query it using Splunk Rest API and having mail functionality enabled.</P><P>&nbsp;</P><P>&nbsp;</P><LI-CODE lang="markup">#Step1 - Find the search_id of savedsearch index=_audit savedsearch_name=&lt;your_search_name&gt; earliest=-20m latest=now | field search_id | Rest API POST method -https://docs.splunk.com/Documentation/Splunk/8.2.0/RESTREF/RESTsearch#search.2Fjobs #Step2 get the results of step1 to retrieve search_id Rest API GET method -https://docs.splunk.com/Documentation/Splunk/8.2.0/RESTREF/RESTsearch#search.2Fjobs #Step3 retrieve the search job results of savedsearch REST API GET Method - https://docs.splunk.com/Documentation/Splunk/8.2.0/RESTREF/RESTsearch#search.2Fjobs.2F.7Bsearch_id.7D.2Fresults -&gt; output the results to a file #Step4 use the linux sendmail command to send results to your required email, assuming you have SMTP enabled in linux</LI-CODE><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;-----</P><P>An upvote would be appreciated and accept solution if it helps!</P> Fri, 18 Jun 2021 03:32:58 GMT https://community.splunk.com/t5/Reporting/Splunk-report-on-demand/m-p/556268#M9220 venkatasri 2021-06-18T03:32:58Z