Archive

sending emails to users that appear in search results

Hi,

The question was asked before but I couldn't find a good answer anywhere. Here goes...
I have a search result with multiple lines and the first column consists of emails of different persons that I need email.
The rest of the columns also have information that needs to be included in the email. the information is different for each person/row.

How can I send multiple emails to different recipients using sendmail with the recipient being the name in the first column and the email itself has information from the rest of the columns.

Thanks.
Assaf

Tags (1)
0 Karma
1 Solution

Let's say your search results return fields named recipient, data1, data2, and data3, and you'd like to send the contents of the fields named data* to the user named in the recipient field. Here's how you'd do that:

your base search
| map search 
 [ | sendemail to=$recipient$ subject="some subject" from=youremail@yourself.com message="$data1$ and then more $data2$ and finally some $data3$" ]

This will run the subsearch once for each line of results from the base search, effectively shepherding the values from recipient and data* into the subsearch together.

View solution in original post

0 Karma

SplunkTrust
SplunkTrust

While you already have an answer, I'd suggest you also have a look at sendresults, this can be useful for emailing the results of a search on a per-user basis...

0 Karma

Thanks.. I'll look into that also.

0 Karma

Let's say your search results return fields named recipient, data1, data2, and data3, and you'd like to send the contents of the fields named data* to the user named in the recipient field. Here's how you'd do that:

your base search
| map search 
 [ | sendemail to=$recipient$ subject="some subject" from=youremail@yourself.com message="$data1$ and then more $data2$ and finally some $data3$" ]

This will run the subsearch once for each line of results from the base search, effectively shepherding the values from recipient and data* into the subsearch together.

View solution in original post

0 Karma

Thanks elliotproebstel,
when running your suggestion as is Splunk threw an error but some digging got me to the correct syntax (Adding it below for future referencing)

basesearch
| map search="sendemail to= subject=\"need
to_escape\" from= message=\"$data1$ and then more $data2$ and finally some $data3$\" sendresults=true inline=true format=raw"

Thanks, accepting as answer.

0 Karma