Alerting
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Remove query and table header from Emails

Andruep
Engager
‎10-29-2010 09:05 PM

Is there any way to remove the query and table header information from alerts? I am aware of a previous question on the topic however there has not been a solution since that posting. Basically some of my alerts will be sent to smartphones and I would like to remove as much content as possible and only provide meaningful fields.

Tags (2)
Reply

kknopp
Path Finder
‎10-11-2013 07:56 AM

If I were to do something like the above, can I still have it trigger only if there are results? I have started using CASE recently, but that doesn't seem like an appropriate method here...

Reply

0range
Communicator
‎01-23-2014 11:55 PM

Really, seems like direct sendemail command disables all the alerting conditions, isn't it?

0 Karma
Reply

southeringtonp
Motivator
‎10-29-2010 09:41 PM

See also this earlier thread. A couple of possibilities:

  • Run a scheduled search, but instead of using the normal alert mechanism, call the sendemail command directly, e.g., |sendemail to=user@domain.com subject="Something" sendresults=true

  • Roll your own version of the emailer script (see thread 6423 for more detail).

    • Reply

    southeringtonp
    Motivator
    ‎11-03-2010 05:37 PM

    By default, it will use localhost as the mail server. If you want to use a remote server, you can add another parameter server=mail.yourdomain.com

    0 Karma
    Reply

    Andruep
    Engager
    ‎11-02-2010 08:34 PM

    Thanks for the suggestion, however, I received the error below after adding the sendemail string to the end of my search.

    [Errno 10061] No connection could be made because the target machine actively refused it while sending mail to: abc@abc.org.

    abc@abc.org is a filler email address. My actual email address was used.

    0 Karma
    Reply
    Got questions? Get answers!

    Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

    Meet up IRL or virtually!

    Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

    Get Updates on the Splunk Community!

    [Puzzles] Solve, Learn, Repeat: Tiling

    This puzzle (first published here) is based on finding groups of tessellated tiles (inspired by floor tiles I ...

    SOK it to Me: Top 3 Benefits of Using Splunk Operator on Kubernetes that’ll Make ...

        Thursday, July 9, 2026  |  11:00AM–12:00PM PDT Duration: 1 hour (includes Q&A) Managing can feel like a ...

    Upgrade Prep for 10.4, Network Observability Deep Dives, and More from Splunk Lantern

    Splunk Lantern is Splunk’s customer success center that provides practical guidance from Splunk experts on key ...