Splunk alert - querying a lookup to send mails to respective id, with complete row information

Le
Observer

I have a lookup file like below. The query should send mails to each person with that respective row's information. If the mail1 column is empty, then the query should consider the mail2 column value to send mails. If the mail2 column is empty, the query should consider the mail3 column value to send mail. And if mail1 and mail2 are empty, then the query should consider the mail3 column value to send mail.

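| Emp | occupation | location | firstmail | secondarymail | thirdmail |
|-----|------------|----------|-----------|---------------|-----------|
| abc | aaa | hhh | aa@mail.com | gg@mail.com | |
| def | ghjk | gggg | bb@mail.com | ff@mail.com | |
| ghi | lmo | iiii | | hh@mail.com | |
| jkl | pre | jjj | | | dd@mail.com |
| mno | swq | kkk | aa@mail.com | ii@mail.com | |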

For example, aa@mail.com should receive a mail like below, in tabular format:

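| Emp | occupation | location | firstmail | secondarymail | thirdmail |
|-----|------------|----------|-----------|---------------|-----------|
| abc | aaa | hhh | aa@mail.com | gg@mail.com | |
| mno | swq | kkk | aa@mail.com | ii@mail.com | |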

So likewise, the query should read the complete table and send mails to persons individually, containing that specific row information in tabular format. Please help me with the query, and let me know in case of any clarification on the requirement.

0 Karma

ITWhisperer
SplunkTrust

You could construct your search so that each row has a field with the name of the recipients. Then set up the alert so that it triggers for every result. Then use the $row.field$ token as the recipient in the trigger action.

Note that this will mean that the recipients will get multiple emails if their address appears in more than one row of the report.

0 Karma

Le
Observer

Thank you for it, but I need one mail to be sent even though a recipient has multiple rows of data.

0 Karma

ITWhisperer
SplunkTrust

In that case, gather all the information for each user into a single row for that user or submit an idea to Splunk to try to get the functionality changed.

0 Karma
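
One way to gather each user's rows into a single result, as suggested above. This is an added example, not a search posted by anyone in the thread; `your_lookup.csv` is a placeholder for the lookup file name, `recipient` is a field name chosen for illustration, and the other field names are taken from the table header in the question. Blank mail cells are normalised to null so that `coalesce` falls through from firstmail to secondarymail to thirdmail, and blank data cells are filled with "-" because `list()` skips nulls, which would otherwise misalign the columns.

```spl
| inputlookup your_lookup.csv
| eval recipient=coalesce(nullif(trim(firstmail), ""), nullif(trim(secondarymail), ""), nullif(trim(thirdmail), ""))
| where isnotnull(recipient)
| fillnull value="-" Emp occupation location firstmail secondarymail thirdmail
| stats list(Emp) as Emp list(occupation) as occupation list(location) as location list(firstmail) as firstmail list(secondarymail) as secondarymail list(thirdmail) as thirdmail by recipient
```

With the sample table this yields one result per address (aa@mail.com carries the abc and mno rows as multivalue cells), so an alert that triggers for each result sends one mail per recipient. `list()` keeps only the first 100 values per field by default, so recipients with more rows than that need a different aggregation.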