Solved: Results of Saved Search not being included/attache...

Jason · ‎09-08-2010

I have a handful of scheduled searches that a client would like emailed. They want to see the results in the email and not have to log into Splunk. However, when I go in Email Alert Settings in the WebUI set Splunk to Include Results Inline = yes, no matter what Email Format I choose they still receive no results in their email, only a link.

The search is returning results, and is emailing because it is set to email when number of events > 0.

Please let me know what settings I should check, I think this is a stock 4.1.4 install.

Branden · ‎09-08-2010

In your savedsearches.conf, make sure the following is set for the search in question:

action.email.sendresults = 1

View solution in original post

Jason · ‎09-08-2010

Haha, nope, I totally missed that checkbox. Thanks guys!

Branden · ‎09-08-2010

In your savedsearches.conf, make sure the following is set for the search in question:

action.email.sendresults = 1

Lowell · ‎09-08-2010

Just checking, but your sure you checked "Include results in email" on the saved search in question, right? The email format options are on a different page. In savedsearches.conf this will take the form: action.email.sendresults = 1

Results of Saved Search not being included/attached in email

Observability Newsletter Highlights | March 2023

Security Newsletter Updates | March 2023

Platform Newsletter Highlights | March 2023