Alerting
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Looking for a better way to email reports

ShaneNewman
Motivator
‎02-04-2013 12:44 PM

I have about 30 saved searches that are running on a periodic basis looking for configuration errors (incorrect characters) in integration files. This give us an enterprise view of: new configs, disabled configs, erroneous configs, ect. This further needs to be broken down into a divisional views (15 each) before being send to the end users, who will make the appropriate changes (if needed) to correct integrations.

I would prefer not to have 450 saved searches running to do this. I capture division information in the search and have email addresses associated with the divisions in a lookup file.

My question then becomes can I do something like:

... | lookup division_email_list division OUTPUT division_email_address | eval action.email.to=division_email_address

I know it will be a bit more involved that that, I just need to be pointed in the right direction.

Thanks in advance for anyone who can assist!

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

itinney
Path Finder
‎02-04-2013 02:36 PM

This should work:

... | lookup division_email_list division OUTPUT division_email_address | sendemail to=division_email_address format="html" server=smtp.gmail.com:587 use_tls=1

Take a look at the python script $SPLUNK_HOME/etc/apps/search/bin/sendemail.py for other keyword arguments you can use with sendemail command.

View solution in original post

Reply
Solved! Jump to solution

grundsch
Communicator
‎06-03-2015 04:57 AM

I had a similar use case with PDFs. I finaly wrote a script to generate the saved searches and schedules based on a template and csv of parameters.
http://answers.splunk.com/answers/200640/how-to-schedule-customized-dashboard-views-to-grou.html
Maybe you can hack it to fit your use case.

0 Karma
Reply
Solved! Jump to solution
Solution

itinney
Path Finder
‎02-04-2013 02:36 PM

This should work:

... | lookup division_email_list division OUTPUT division_email_address | sendemail to=division_email_address format="html" server=smtp.gmail.com:587 use_tls=1

Take a look at the python script $SPLUNK_HOME/etc/apps/search/bin/sendemail.py for other keyword arguments you can use with sendemail command.

Reply
Solved! Jump to solution

ShaneNewman
Motivator
‎02-04-2013 05:21 PM

I get an error saying invalid address. Any Ideas?

0 Karma
Reply
Solved! Jump to solution

ShaneNewman
Motivator
‎02-04-2013 03:18 PM

Using this function, I would need to remove the portion of my saved search that contains:

action.email = 1
action.email.subject = Removed Integration Configs
action.email.sendresults = 1
action.email.attached = 1
action.email.format = csv

Correct?

0 Karma
Reply
Get Updates on the Splunk Community!

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...

September Community Champions: A Shoutout to Our Contributors!

As we close the books on another fantastic month, we want to take a moment to celebrate the people who are the ...

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...