Solved: Re: Results of Saved Search not being included/att...

Jason · ‎09-08-2010

I have a handful of scheduled searches that a client would like emailed. They want to see the results in the email and not have to log into Splunk. However, when I go in Email Alert Settings in the WebUI set Splunk to Include Results Inline = yes, no matter what Email Format I choose they still receive no results in their email, only a link.

The search is returning results, and is emailing because it is set to email when number of events > 0.

Please let me know what settings I should check, I think this is a stock 4.1.4 install.

Branden · ‎09-08-2010

In your savedsearches.conf, make sure the following is set for the search in question:

action.email.sendresults = 1

View solution in original post

Jason · ‎09-08-2010

Haha, nope, I totally missed that checkbox. Thanks guys!

Branden · ‎09-08-2010

In your savedsearches.conf, make sure the following is set for the search in question:

action.email.sendresults = 1

Lowell · ‎09-08-2010

Just checking, but your sure you checked "Include results in email" on the saved search in question, right? The email format options are on a different page. In savedsearches.conf this will take the form: action.email.sendresults = 1

Results of Saved Search not being included/attached in email

SplunkTrust | Where Are They Now - Michael Uschmann

Admin Your Splunk Cloud, Your Way

Cloud Platform | Discontinuing support for TLS version 1.0 and 1.1