All Apps and Add-ons

Is it possible to send the entire result set in a single email to all to all the recipients whose ID is a part of the result set instead of sending out individual emails using sendresults?


I'm using sendresults command to send an email with a result set in a tabular form to a group of people. This group of people depends on a condition. So basically its not a fixed group of people that will receive the email every time.

Now, if I use xyz."", where xyz is the field containing the ID of the individual , the result set (row/rows) corresponding to a particular ID are sent to that individual's email address based on the email_to field.
What I want is for the entire result set to get emailed to all the IDs which the xyz field contains in a single email depending on the list of IDs that are under the xyz field.
for example
xyz color flower
jim red rose
rita blue orchid
ben yellow sunflower

I want the whole result set above to be sent as a single email to jim,ben and rita using sendresults.
Please advise.

0 Karma

Path Finder

Thanks for using sendresults!

There is no flag/setting/option that will make it behave the way you are describing, but you can get it to work by having the email_to field be a comma separated list of the email addresses you want the results to go to.

Sendresults uses the email_to field as the key for grouping the rows and then when the emails are sent, it processes the field as a list.

0 Karma
Get Updates on the Splunk Community!

Running multiple macros in the same search

Hi all!I'm trying to run multiple macros in the same search and eventually aggregate the results from each ...

Logic of Compound Subsearch with inputlookup

I'm struggling to create a search using an inputlookup and multiple NOT searches.Background: I have an ...

Tagging Heavy Forwarders

This is a tip, not a question.&nbsp;<span class="lia-unicode-emoji" ...