Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Can we Split the results based on the users and email them ?

rakesh_498115
Motivator
‎11-07-2013 06:37 AM

Hi..

I am trying to find the custom script which emails the conents of the search results specific to the users. I have a huge result for my search , in that result they are n of user's with their email ids , so i need the data that belongs to the user in a email.

Can any one help in customizing the sendemail.py script to do this pls ?

my sample output data is something like this :

IssueTracked IssueResovled NetworkGroup EmailsInGroup
30 20 A user1@domain.com,user2@domain.com
50 30 A user1@domain.com,user2@domain.com
70 20 B user3@domain.com,user4@domain.com
71 50 C user5@domain.com

Now in the above output , i want the NetworkGroup Data say "A" , should be emailed to those user email ids only i.e user1@domain.com,user2@domain.com and so on for Other groups as well.

Tags (3)
0 Karma
Reply

jtrucks
Splunk Employee
Splunk Employee
‎11-07-2013 11:50 AM

Without writing the actual code, I'll answer in terms of methodology.

Whatever program you use to parse the results, you need it to read each line into an array such that you have:
ARRAY[0] = contents of IssueTracked for that line
ARRAY[1] = contents of IssueResolved for that line
ARRAY[2] = contents of NetworkGroup for that line
ARRAY[3] = contents of EmailsInGroup for that line

Then you iterate through your array of arrays (or line by line as input comes in) to email all users in ARRAY[3] with the body contents the headers and values from ARRAY[0], ARRAY[1], and ARRAY[2].

It shouldn't be that much work in all. You could do it in nearly any language, too.

--
Jesse Trucks
Minister of Magic
Reply

rakesh_498115
Motivator
‎11-07-2013 01:05 PM

Thanks jtrucks..I had the idea of arrays..but couldn't start of like while streaming the searchresults in the search Window how can we group them into arrays?..can u give me initial steps pls

0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...