Alerting
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Looking for a better way to email reports

ShaneNewman
Motivator
‎02-04-2013 12:44 PM

I have about 30 saved searches that are running on a periodic basis looking for configuration errors (incorrect characters) in integration files. This give us an enterprise view of: new configs, disabled configs, erroneous configs, ect. This further needs to be broken down into a divisional views (15 each) before being send to the end users, who will make the appropriate changes (if needed) to correct integrations.

I would prefer not to have 450 saved searches running to do this. I capture division information in the search and have email addresses associated with the divisions in a lookup file.

My question then becomes can I do something like:

... | lookup division_email_list division OUTPUT division_email_address | eval action.email.to=division_email_address

I know it will be a bit more involved that that, I just need to be pointed in the right direction.

Thanks in advance for anyone who can assist!

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

itinney
Path Finder
‎02-04-2013 02:36 PM

This should work:

... | lookup division_email_list division OUTPUT division_email_address | sendemail to=division_email_address format="html" server=smtp.gmail.com:587 use_tls=1

Take a look at the python script $SPLUNK_HOME/etc/apps/search/bin/sendemail.py for other keyword arguments you can use with sendemail command.

View solution in original post

Reply
Solved! Jump to solution

grundsch
Communicator
‎06-03-2015 04:57 AM

I had a similar use case with PDFs. I finaly wrote a script to generate the saved searches and schedules based on a template and csv of parameters.
http://answers.splunk.com/answers/200640/how-to-schedule-customized-dashboard-views-to-grou.html
Maybe you can hack it to fit your use case.

0 Karma
Reply
Solved! Jump to solution
Solution

itinney
Path Finder
‎02-04-2013 02:36 PM

This should work:

... | lookup division_email_list division OUTPUT division_email_address | sendemail to=division_email_address format="html" server=smtp.gmail.com:587 use_tls=1

Take a look at the python script $SPLUNK_HOME/etc/apps/search/bin/sendemail.py for other keyword arguments you can use with sendemail command.

Reply
Solved! Jump to solution

ShaneNewman
Motivator
‎02-04-2013 05:21 PM

I get an error saying invalid address. Any Ideas?

0 Karma
Reply
Solved! Jump to solution

ShaneNewman
Motivator
‎02-04-2013 03:18 PM

Using this function, I would need to remove the portion of my saved search that contains:

action.email = 1
action.email.subject = Removed Integration Configs
action.email.sendresults = 1
action.email.attached = 1
action.email.format = csv

Correct?

0 Karma
Reply
Get Updates on the Splunk Community!

New Case Study: How LSU’s Student-Powered SOCs and Splunk Are Shaping the Future of ...

Louisiana State University (LSU) is shaping the next generation of cybersecurity professionals through its ...

Splunk and Fraud

Join us on November 13 at 11 am PT / 2 pm ET!Join us for an insightful webinar where we delve into the ...

Build Your First SPL2 App!

Watch the recording now!.Do you want to SPL™, too? SPL2, Splunk's next-generation data search and preparation ...