Alerting

Send email alert to system owner (in a non-bloated way)

Path Finder

I'm running a scheduled search that results in a table which includes a row with system owners. I'm using a lookup to find the owners and their emails.

Now I'd like to send out email alerts only to the owner of each system (so filter out the table with owner=John for example before sending out the email).

I can do that if I create multiple scheduled saved searches but that's pretty much unmanageable so I was wondering if there's anything like a "post search" I can add or any way I could do this using only one saved search

Many thanks

Tags (2)
0 Karma
1 Solution

SplunkTrust
SplunkTrust

My suggestion would be to use a script alert. The scheduled search will pass arguments to the script, and then you can parse the arguments, read in the results, and iterate over them, sending email to a field.

Docs
http://docs.splunk.com/Documentation/Splunk/5.0/Alert/Scheduledsearch#Set_up_scheduled_search_action...

Bash
http://wiki.splunk.com/Community:Use_Splunk_alerts_with_scripts_to_create_a_ticket_in_your_ticketing...

Python
http://www.seanelavelle.com/2012/04/11/scripting-splunk-alerts-with-python/

View solution in original post

0 Karma

SplunkTrust
SplunkTrust

My suggestion would be to use a script alert. The scheduled search will pass arguments to the script, and then you can parse the arguments, read in the results, and iterate over them, sending email to a field.

Docs
http://docs.splunk.com/Documentation/Splunk/5.0/Alert/Scheduledsearch#Set_up_scheduled_search_action...

Bash
http://wiki.splunk.com/Community:Use_Splunk_alerts_with_scripts_to_create_a_ticket_in_your_ticketing...

Python
http://www.seanelavelle.com/2012/04/11/scripting-splunk-alerts-with-python/

View solution in original post

0 Karma

Path Finder

Thanks. A bit of reading is in order but this seems like the way to do it

0 Karma