Alerting
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Send email alert to system owner (in a non-bloated way)

clymbouris
Path Finder
‎12-05-2012 06:17 AM

I'm running a scheduled search that results in a table which includes a row with system owners. I'm using a lookup to find the owners and their emails.

Now I'd like to send out email alerts only to the owner of each system (so filter out the table with owner=John for example before sending out the email).

I can do that if I create multiple scheduled saved searches but that's pretty much unmanageable so I was wondering if there's anything like a "post search" I can add or any way I could do this using only one saved search

Many thanks

Tags (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

alacercogitatus
SplunkTrust
SplunkTrust
‎12-05-2012 06:33 AM

My suggestion would be to use a script alert. The scheduled search will pass arguments to the script, and then you can parse the arguments, read in the results, and iterate over them, sending email to a field.

Docs
http://docs.splunk.com/Documentation/Splunk/5.0/Alert/Scheduledsearch#Set_up_scheduled_search_action...

Bash
http://wiki.splunk.com/Community:Use_Splunk_alerts_with_scripts_to_create_a_ticket_in_your_ticketing...

Python
http://www.seanelavelle.com/2012/04/11/scripting-splunk-alerts-with-python/

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

alacercogitatus
SplunkTrust
SplunkTrust
‎12-05-2012 06:33 AM

My suggestion would be to use a script alert. The scheduled search will pass arguments to the script, and then you can parse the arguments, read in the results, and iterate over them, sending email to a field.

Docs
http://docs.splunk.com/Documentation/Splunk/5.0/Alert/Scheduledsearch#Set_up_scheduled_search_action...

Bash
http://wiki.splunk.com/Community:Use_Splunk_alerts_with_scripts_to_create_a_ticket_in_your_ticketing...

Python
http://www.seanelavelle.com/2012/04/11/scripting-splunk-alerts-with-python/

0 Karma
Reply
Solved! Jump to solution

clymbouris
Path Finder
‎12-07-2012 12:36 AM

Thanks. A bit of reading is in order but this seems like the way to do it

0 Karma
Reply
Get Updates on the Splunk Community!

Admin Your Splunk Cloud, Your Way

Join us to maximize different techniques to best tune Splunk Cloud. In this Tech Enablement, you will get ...

Cloud Platform | Discontinuing support for TLS version 1.0 and 1.1

Overview Transport Layer Security (TLS) is a security communications protocol that lets two computers, ...

New Customer Testimonials

Enterprises of all sizes and across different industries are accelerating cloud adoption by migrating ...