Alerting
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Send Email Alert by result query

vumanhtai
Path Finder
‎01-06-2019 11:33 PM

Hi ALL!
sourcetye=error | stats count by email | sendmail to=....

I want the receiver in "sendmail" is the result of query "stats count by email"
For example:
If we have 3 emails from the "stats count by email"
Then the query "sendmail" will send email to the 3 above emails.

Thanks in advance!

0 Karma
Reply

mdsnmss
SplunkTrust
SplunkTrust
‎01-07-2019 07:22 AM

Hi vumanhtai,

You may want to take a look at this app which allows for more dynamic alerting based on results: https://splunkbase.splunk.com/app/1794/#/details.

0 Karma
Reply

p_gurav
Champion
‎01-06-2019 11:45 PM

Try this:

sourcetype=error | stats count by email | sendmail to=$result.email$

OR 

 sourcetype=error | stats count by email | sendmail to=$email$
0 Karma
Reply
Get Updates on the Splunk Community!

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI!Discover how Splunk’s agentic AI ...

🔐 Trust at Every Hop: How mTLS in Splunk Enterprise 10.0 Makes Security Simpler

From Idea to Implementation: Why Splunk Built mTLS into Splunk Enterprise 10.0  mTLS wasn’t just a checkbox ...