Re: Remove Search query from the email Alert

sunilsk1 · ‎08-25-2013

I have scheduled a email alert and the complete result along with Search query is sent to all my Users.
Is there way that I can send only the Search results and hide the Query and all other log details.

DerekB · ‎05-22-2014

Starting in Splunk 6.1, this ability is built into the product. Edit your search and look under the "Click to edit email action" link in the "Alert Actions" section. It's a simple check box you can uncheck. It's in the picture in step 4.

http://docs.splunk.com/Documentation/Splunk/6.1.1/Alert/Setupalertactions

sunilsk1 · ‎08-26-2013

Instead of making any changes to the python script. you can use the following if you need an email everytime the search is executed.

You can disable the Email alert(uncheck the checkbox for Email) and add the following to your Splunk search query -
|sendemail to="@mailid.com" format=html subject=myresults server=mail.splunk.com sendresults=true

if it throws any error then remove the server info from the search : |sendemail to="@mailid.com" format=html subject=myresults sendresults=true

If the alert condition is met then the

dyork · ‎10-20-2016

Worked a treat!
Thanks mate

lcrielaa · ‎08-26-2013

A quick search turned up the following question that someone asked earlier:

http://answers.splunk.com/answers/31388/email-report-format

basically, you can alter the python script that sends out the emails to suit your needs.

Remove Search query from the email Alert

Fueling your curiosity with new Splunk ILT and eLearning courses

Splunk AI Assistant for SPL 1.1.0 | Now Personalized to Your Environment for Greater ...

Unleash Unified Security and Observability with Splunk Cloud Platform