How to change name of attachments in email alert a...

Melnikovin · ‎10-31-2015

Hi.

In Splunk 6.2 in alerts with email action, all CSV Attachments have a name like "splunk_results.csv" by default. After installation of 6.3, the default name was changed to $name$ token(name of alert).
If I use Russian language in the alert name, I got something like this in half of cases:
"п║п©п╦я│п╬п╨п╫п╬п╡я▀я┘я┐я│я┌п╟п╫п╬п╡п╬п╨_п╥п╟п©я-2015-10-20.csv"

So how can I rename the name of the attached CSV file?

stephane_cyrill · ‎10-31-2015

Hi, you can modify the default splunk python script, as this is the script that actually send the emails. It resides in:
$SPLUNK_HOME/etc/apps/search/bin/sendemail.py . To rename the attached csv name , rename the default filename (
filename = "splunk-results.csv")
I advice you to see this:

https://answers.splunk.com/answers/2641/how-do-i-customize-scheduled-search-alert-emails.html

Melnikovin · ‎11-01-2015

Thank you. I wiil try.

How to change name of attachments in email alert action in Splunk 6.3?

.conf23 Registration is Now Open!

Don't wait! Accept the Mission Possible: Splunk Adoption Challenge Now and Win ...

Unify Your SecOps with Splunk Mission Control