Hello splunk users,
I am trying to modify the structure format of the e-mail alerts that I am receiving to XML or some other format. This would help me to grab the required fields more easily in order to automatically create tickets. For the time being, the configuration of alerts gives me a "table" in the email with fields such as user, number of failures and host.
So, sendemail.py is the file that sends the e-mail, however, the table does not seem to be structured inside that file nor the value of the variables. Hence, I cannot modify it from there, I think.
Are there any suggestions, or other proposals?
Thanks,
Evang
Well, I followed mdegann's instructions, which proved to be right. I modified part of the generateHTMLResults(results) to initially change the look of the table. After some modifications it was working, but now it isn't. Forgive me for posting it as an answer, I couldn't post code otherwise.
    text += "<table>"
    for col in cols:
        text += "<tr><th>" + col + "</th>"
        for result in results:
            val = result.get(col, "")
            escval = saxutils.escape(val)
            text += "<td>" + escval + "</td>"
        text += "</tr>\n"
    text += "</table>"
Can you spot any flaw? I simply cannot trigger any alert now.
Thanks,
Evang
Now it's up to you. No one has provided any simpler way to go with a scripted mailing. Everyone has done it on their own.
The alert parameter "%SPLUNK_ARG_8%", which gives you a results.csv.gz, can be extracted and manipulated to give you the result you want. You can refer to the sendemail.py file to convert it into HTML, or you can take a look at the link below. The logic will be the same in any language you know.
http://www.ctroms.com/blog/code/python/2011/04/20/csv-to-html-table-with-python/
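Added example, not part of the original thread and not Splunk's own code: a Python alert script for the approach described above, reading the gzip-compressed results CSV named by the eighth argument and emitting XML that a ticketing system can parse. The element names, the `__mv_` column filter and the sample data are assumptions made for illustration.

```python
import csv
import gzip
import io
import sys
import xml.etree.ElementTree as ET


def results_to_xml(gz_source):
    """Convert a gzip-compressed results CSV (path or file object) to XML."""
    root = ET.Element("alert")
    with gzip.open(gz_source, "rt", encoding="utf-8", newline="") as fh:
        for row in csv.DictReader(fh):
            result = ET.SubElement(root, "result")
            for name, value in row.items():
                # Assumption: columns prefixed "__mv_" are internal multivalue
                # helpers and are not wanted in the ticket. A None key means
                # the row had more cells than the header; skip those too.
                if name is None or name.startswith("__mv_"):
                    continue
                # The field name goes into an attribute and the value into
                # text. ElementTree escapes both, so log-derived data such as
                # a user name cannot inject markup into the XML.
                field = ET.SubElement(result, "field", name=name)
                field.text = value or ""
    return ET.tostring(root, encoding="unicode")


def make_sample_gz():
    """Constructed sample standing in for an alert's results.csv.gz."""
    raw = ('user,failures,host,__mv_user\r\n'
           '"<admin>&co",12,web01,\r\n'
           'bob,7,db02,\r\n')
    return io.BytesIO(gzip.compress(raw.encode("utf-8")))


if __name__ == "__main__":
    # Run as an alert script, the results path arrives as the 8th argument;
    # without it, fall back to the constructed sample.
    source = sys.argv[8] if len(sys.argv) > 8 else make_sample_gz()
    print(results_to_xml(source))
```

The resulting string can be used as the mail body or handed directly to the ticketing system.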
Hi linu1988,
I cannot say that I am an experienced programmer, but I have some basic knowledge. I would like to write a simple script (although I imagine that it would be more like a copy) to accomplish my goal. However, I feel that I am going in blindly. Is there any script that might be of help?
I read about the savedsearches.conf.example but it is very basic. I don't know what the commands are for e-mailing nor how to get the search results. E.g., are there any libraries that I have to import?
At last, I am only sure that I will copy the generateHTMLResults(results) code to print them.
Thanks,
Evang
You get the results as a parameter in Splunk. If you have an idea of any scripting language, you can extract it to a CSV file, manipulate it and then send it to the mail IDs. Follow the steps:
http://docs.splunk.com/Documentation/Splunk/latest/Alert/Configuringscriptedalerts
Alright, it seems that it is hard, so I am changing my methodology.
I figured out that something re-formats what I write inside the generateHTMLResults(results) definition. I cannot find it, so I am thinking of creating a script to run for me when an alert is triggered.
Do any of you know what I should copy and paste into the script so as to get the "alert data" and send the e-mail?
Thanks,
Evang
HTML doesn't contain a line break "\n", you need to use "<br>". And be careful modifying the code, you are using Python, where indentation is a big issue. If you run into issues with missing mails, monitor splunkd.log to see where exactly; yes, you can find the exact line number from there.
    def generateHTMLResults(results):
        for result in results:
            text += ""
            for col in cols:
                val = result.get(col, "")
                escval = saxutils.escape(val)
                text += "|" + escval
            text += "\n"
        return text
This code is part of the sendemail.py and part of the generateHTMLResults(results). I just excluded whatever had to do with the table to make it only text. Everything works but the line break.
What am I missing here?
Thanks,
Evang
Hi all,
Well, the code works fine finally; the problem might be related to the indents or formatting. I am not sure, every time I delete a space or similar it just doesn't work.
mdegann,
I followed the link you gave me (which doesn't work for me); however, I wish I could apply what you are saying, but I am too novice for that stuff.
However, I now have another problem as it seems that I cannot use the line break "\n".
Code is attached in the following comment.
Thanks,
Evang
You can use the sendemail command from Splunk, which will give you an error level if your syntax is messed up. http://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Sendemail.
My HTML is a little rusty, but it looks like you are mixing header and data cell columns in the same row(s). I would use two for col in cols: loops - one to build the table header (<th>col</th>) and the second to loop through the results (<td>escval</td>...). Row tags (<tr></tr>) should go outside each loop.
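Added example, not part of the original thread and not the code in sendemail.py: the two-loop layout suggested above, written as a stand-alone Python function, plus a pipe-delimited text variant that joins rows with `<br>` because an HTML mail body ignores a bare "\n". The function names and the sample results (a list of dicts keyed by column name) are assumptions.

```python
from xml.sax import saxutils


def esc(value):
    """Escape &, < and > so field values cannot inject markup into the mail."""
    return saxutils.escape(str(value))


def html_table(results, cols):
    """Header row first, then one <tr> per result."""
    parts = ["<table>", "<tr>"]
    for col in cols:                       # loop 1: header cells only
        parts.append("<th>" + esc(col) + "</th>")
    parts.append("</tr>")
    for result in results:                 # loop 2: one row per result
        parts.append("<tr>")
        for col in cols:
            parts.append("<td>" + esc(result.get(col, "")) + "</td>")
        parts.append("</tr>")
    parts.append("</table>")
    return "\n".join(parts)


def html_lines(results, cols):
    """Pipe-delimited text; <br> is what makes the line break render."""
    lines = ["|".join(esc(r.get(c, "")) for c in cols) for r in results]
    return "<br>\n".join(lines)


# Constructed sample data, not taken from a real alert.
SAMPLE_COLS = ["user", "failures", "host"]
SAMPLE_RESULTS = [
    {"user": "<b>eve</b>", "failures": "12", "host": "web01"},
    {"user": "bob", "failures": "7"},      # missing "host" gives an empty cell
]

if __name__ == "__main__":
    print(html_table(SAMPLE_RESULTS, SAMPLE_COLS))
    print(html_lines(SAMPLE_RESULTS, SAMPLE_COLS))
```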
Ha. Finally a question I have some experience with. There is a function in sendemail.py, def generateHTMLResults(results):. A couple of things to note: len(results) = how many events made it into the alert. You can loop through results because it's a list of results. Each result is a list of cols, and each column has a value. This should help you start formatting your HTML email.
Hi mdegann,
Thanks for noticing that. It is a couple of pages of code, and with my experience I wouldn't have noticed that without your help. I'll keep an eye on it and see what I can do. I'll keep you posted!
Thanks,
Evang