Alerting
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Send Email Alert by result query

vumanhtai
Path Finder
‎01-06-2019 11:33 PM

Hi ALL!
sourcetye=error | stats count by email | sendmail to=....

I want the receiver in "sendmail" is the result of query "stats count by email"
For example:
If we have 3 emails from the "stats count by email"
Then the query "sendmail" will send email to the 3 above emails.

Thanks in advance!

0 Karma
Reply

mdsnmss
SplunkTrust
SplunkTrust
‎01-07-2019 07:22 AM

Hi vumanhtai,

You may want to take a look at this app which allows for more dynamic alerting based on results: https://splunkbase.splunk.com/app/1794/#/details.

0 Karma
Reply

p_gurav
Champion
‎01-06-2019 11:45 PM

Try this:

sourcetype=error | stats count by email | sendmail to=$result.email$

OR 

 sourcetype=error | stats count by email | sendmail to=$email$
0 Karma
Reply
Get Updates on the Splunk Community!

Routing logs with Splunk OTel Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...

New This Month - Observability Updates Give Extended Visibility and Improve User ...

This month is a collection of special news! From Magic Quadrant updates to AppDynamics integrations to ...

Intro to Splunk Synthetic Monitoring

In our last post, we mentioned that the 3 key pieces of observability – metrics, logs, and traces – provide ...