Solved: How to schedule a report to send an email only if ...

matstap · ‎04-12-2018

I have a report that sends an email with the result data once a day. I only want the report to send an email if the number of results > 0. Can anyone point me in the right direction?

adonio · ‎04-14-2018

run your search -> top right save as dropdown -> an alert -> condition: if count > 0 -> in actions, send results, send email (and everything else you need) -> set cron to the time of day you want the report to run -> save -> enjoy
hope it helps

View solution in original post

L1_marrera · ‎05-01-2019

A little late, but you can go to Settings\Searches, reports, and alerts

Click your report and in the Alert section you can choose the Condition, the one you want is:

If number of events
is greater than: 0

Source: https://answers.splunk.com/answers/586680/report-creates-multiple-emails-looking-for-single.html

adonio · ‎04-14-2018

run your search -> top right save as dropdown -> an alert -> condition: if count > 0 -> in actions, send results, send email (and everything else you need) -> set cron to the time of day you want the report to run -> save -> enjoy
hope it helps

richgalloway · ‎04-12-2018

If you change the report into an alert you'll have the ability to send email only if there are results.

---
If this reply helps you, Karma would be appreciated.

matstap · ‎04-13-2018

That was it. Thanks

richgalloway · ‎04-16-2018

Please accept an answer.

---
If this reply helps you, Karma would be appreciated.

How to schedule a report to send an email only if it returns results.

Build Scalable Security While Moving to Cloud - Guide From Clayton Homes

Mission Control | Explore the latest release of Splunk Mission Control (2.3)

Cloud Platform | Migrating your Splunk Cloud deployment to Python 3.7