I have one alert stanza in my savedsearches.conf. Now, I want to dynamically send email notifications to the consumers based on the output of the result query. Suppose the alert query will give me the below output table after one run:
Now, based on the consumer names, I should be getting email alerts to different **email Ids** with different email subjects dynamically. So that I don't need to set up multiple alert stanzas in savedsearches.conf for different email recipients.
Please let me know how I can implement this.
Install and use sendresults app from the splunkbase to do so.
sendresults exists for this use case
have you seen this answer?
https://answers.splunk.com/answers/213340/how-to-get-splunk-sendemail-command-to-send-multip.html
I think this might be an approach that will work for your ask.
This documentation might also help. If there is a way you can join email addresses to the consumer, you could use $result.email$ in the To field of the alert.
http://docs.splunk.com/Documentation/Splunk/7.2.0/Alert/Emailnotification#Example_-_Send_email_to_di...
Thanks for your insights. But I would rather prefer to have some solution based on scripting. Let me know if you have any solution based on scripting.