Archive

How to send individual emails that appear in the search results

New Member

Hi team,

I have search results with CUID is the email(I will append my company domain to CUID, so that mail will go to person) and attached the sample result for the same .How to send the individual emails for all the users along with server name.

I have used send mail command , but it is sending only one mail to the user appear in the first result. I need to send mail to all the users that appears in the list.

alt text
Please help me on this.

Tags (1)
0 Karma

Esteemed Legend

This is from another Q&A:
https://answers.splunk.com/answers/399434/send-emailed-results-to-an-email-address-in-the-re.html#an...

If you need to send a contextually-appropriate subset of results to some people, you can skip the configuration-based email settings and do this in SPL:

... | outputcsv TempFile.csv
| stats values(Email_Address) AS emailToHeader | mvexpand emailToHeader
| map search ="|inputcsv TempFile.csv | where Email_Addresss=\"$emailToHeader$\"
   | fields - Email_Address
   | sendemail
      sendresults=true inline=true
      server=\"Your.Value.Here\"
      from=\"Your.Value.Here\"
      to=\"$emailToHeader$\"
      subject=\"Your Subject here: \$name\$\"
      message=\"This report alert was generated by \$app\$ Splunk with this search string: \$search\$\""
| where comment="MakeSureNoEventsRemail"
| append [|inputcsv TempFile.csv]
0 Karma

SplunkTrust
SplunkTrust

You can use the map command along with the sendemail command, like this

your current search with all the fields mentioned in the screenshot
| map maxsearch=1000 search="| gentimes start=-1 | eval HOSTNM=\"$HOSTNM$\" |..other fields | sendmail to=\"$CUID$\" ..."
0 Karma

Influencer
0 Karma