Hello Everyone, there is a requirement in which i need to send emails to different groups based on conditions, i heard that i can solve it by using scripts, as i am novice to splunk can anyone provide me sample example to achieve this. Even it is more helpful if you provide the script in .js file.
Thanks in Advance.
what do you mean "conditions"?
If you can isolate each "condition" into a seperate alert, you dont need to use scripts at all - simply configure each alert to email the relevent team.
There may be a cases (i can think of a few) where this would be less ideal, but perhaps you can give us some examples of what the data/conditions are in your use case.
Thanks for the reply nick.
Lets consider that i have range of marks that is from 10-30, 31-50,51-100, i need to send emails to 3 different groups based on the range of marks, all the above range of marks resulted in single query. If the marks range is 10-30 email has to trigger to A group, if the marks range is between 31-50 email has to trigger to B group else C group,
Here's a crude approach:
base search yielding a field range | eval recipient = case(range<=30, "firstname.lastname@example.org", range<=50, "email@example.com", true(), "firstname.lastname@example.org")
Then configure the alert's email to field to be
$result.recipient$. The email will then be sent to the value of the
recipient field in the first result row.
Once you're happy with the basic functionality you should consider moving the list of recipients out to macros or lookups in order to not have to touch many alerts when an email or range changes.
You could use a scripted alert to achive this, but there are some hoops to jump through.
You will need to write a script to parse the fields sent with the 8th alert argument. You can then based on these values take a different action (destination address) based on the result.
There is a good example here using a python wrapper to do something similar