Dashboards & Visualizations

How do i set up one email alert as plaintext and everything else as html

Communicator

Hi all,

Running Splunk 4.1.8 on Windows. One of our teams wants us to send alerts to their pager, and they are requesting plaintext only, however we want to keep all of our other alerts html. After some reading, I created a different sendemail command in commands.conf and have it calling a modified sendemail.py file.

If this will work, what do i need to change in the sendemail.py file to make it plaintext? Also, if i can get that to work, what is the command i would use in the search to only send if there are results?

... | sendemailtest to=mailaddy.com subject="Splunk Alert: end of world" sendresults=true server=mail.domain.com

Thank you in advance for your help.

I-Man

Tags (3)
1 Solution

Contributor

This can be easily done by set your Manager » System settings » Email alert settings » Email format to html and add 『action.email.format = plaintext』in your savedsearches.conf as following

[your saved search name]
...
action.email.format = plaintext

the reason to do this is as you can see part of py code in sendemail.py:

if len(results) == 0:
    msgText = "No results."
else:
    format = argvals.get("format", "html").lower()

    # always attach in CSV format
    if not toBool(argvals.get("inline", "true") ):
       format = "csv"

    if format == "**raw**":
        msgText = generateRawResults(results)
    elif format == "**html**":
        msgText = generateHTMLResults(results)
    elif format =="**csv**":
        msgText = generateCSVResults(results)
    else:
        msgText = generateTextResults(results)

so if you assign action.email.format = plaintext, it will match the final else block to generate the text result you wanna do

View solution in original post

Contributor

This can be easily done by set your Manager » System settings » Email alert settings » Email format to html and add 『action.email.format = plaintext』in your savedsearches.conf as following

[your saved search name]
...
action.email.format = plaintext

the reason to do this is as you can see part of py code in sendemail.py:

if len(results) == 0:
    msgText = "No results."
else:
    format = argvals.get("format", "html").lower()

    # always attach in CSV format
    if not toBool(argvals.get("inline", "true") ):
       format = "csv"

    if format == "**raw**":
        msgText = generateRawResults(results)
    elif format == "**html**":
        msgText = generateHTMLResults(results)
    elif format =="**csv**":
        msgText = generateCSVResults(results)
    else:
        msgText = generateTextResults(results)

so if you assign action.email.format = plaintext, it will match the final else block to generate the text result you wanna do

View solution in original post

Builder

All savedsearches are related to an app. There is no system context for them so splunk does not look for a file in the system/local directory.

0 Karma

Communicator

Awesome, that works great. However, it would only worked in the /etc/apps/search/local/savedsearches.conf file. I created this conf file in system/local and it did not work for some reason. Either way, thanks for the resolution!

0 Karma
State of Splunk Careers

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!