How do I set up one email alert as plaintext and everything else as HTML?

I-Man
Communicator

Hi all,

Running Splunk 4.1.8 on Windows. One of our teams wants us to send alerts to their pager, and they are requesting plaintext only; however, we want to keep all of our other alerts HTML. After some reading, I created a different sendemail command in commands.conf and have it calling a modified sendemail.py file.

If this will work, what do I need to change in the sendemail.py file to make it plaintext? Also, if I can get that to work, what is the command I would use in the search to only send if there are results?

... | sendemailtest to=mailaddy.com subject="Splunk Alert: end of world" sendresults=true server=mail.domain.com

Thank you in advance for your help.

I-Man

1 Solution

hjwang
Contributor

This can be easily done by setting Manager » System settings » Email alert settings » Email format to html and adding 『action.email.format = plaintext』 to your savedsearches.conf as follows:

[your saved search name]
...
action.email.format = plaintext

The reason this works can be seen in this part of the Python code in sendemail.py:

if len(results) == 0:
    msgText = "No results."
else:
    format = argvals.get("format", "html").lower()

    # always attach in CSV format
    if not toBool(argvals.get("inline", "true")):
        format = "csv"

    if format == "raw":
        msgText = generateRawResults(results)
    elif format == "html":
        msgText = generateHTMLResults(results)
    elif format == "csv":
        msgText = generateCSVResults(results)
    else:
        msgText = generateTextResults(results)

So if you assign action.email.format = plaintext, it will match the final else block and generate the text result you want.
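
The fall-through described in the answer above, as an added example that is not part of the original post and not Splunk's own code: it reads a constructed savedsearches.conf and reports which branch of the quoted dispatch each saved search would reach, so a misspelled format that silently renders as plain text stands out. The to_bool helper, the mapping of action.email.inline to the inline argument, and the global_format default are assumptions.

```python
import configparser

# Constructed sample; stanza names and values are illustrative only.
SAMPLE_CONF = """
[Pager - disk full]
action.email = 1
action.email.format = plaintext

[Weekly report]
action.email = 1

[Typo in format]
action.email = 1
action.email.format = htm

[Attachment only]
action.email = 1
action.email.format = html
action.email.inline = false
"""

def to_bool(value):
    # Stand-in for the toBool() helper in the excerpt (assumed semantics).
    return str(value).strip().lower() in ("1", "true", "t", "yes", "y")

def effective_branch(fmt, inline="true"):
    """Mirror the dispatch in the quoted excerpt: return the branch taken."""
    fmt = fmt.lower()
    if not to_bool(inline):
        fmt = "csv"
    return fmt if fmt in ("raw", "html", "csv") else "text"

def audit(conf_text, global_format="html"):
    """Map each saved search to (configured format, branch actually taken)."""
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   delimiters=("=",), comment_prefixes=("#",))
    cp.read_string(conf_text)
    report = {}
    for name in cp.sections():
        sec = cp[name]
        fmt = sec.get("action.email.format", global_format)
        inline = sec.get("action.email.inline", "true")
        report[name] = (fmt, effective_branch(fmt, inline))
    return report

if __name__ == "__main__":
    for name, (fmt, branch) in audit(SAMPLE_CONF).items():
        note = "" if branch == fmt or fmt == "plaintext" else "  <-- check"
        print(f"{name:20} format={fmt:10} renders as {branch}{note}")
```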

BobM
Builder

All savedsearches are related to an app. There is no system context for them, so Splunk does not look for a file in the system/local directory.

0 Karma

I-Man
Communicator

Awesome, that works great. However, it only worked in the /etc/apps/search/local/savedsearches.conf file. I created this conf file in system/local and it did not work for some reason. Either way, thanks for the resolution!

0 Karma