Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Can we Split the results based on the users and email them ?

rakesh_498115
Motivator
‎11-07-2013 06:37 AM

Hi..

I am trying to find the custom script which emails the conents of the search results specific to the users. I have a huge result for my search , in that result they are n of user's with their email ids , so i need the data that belongs to the user in a email.

Can any one help in customizing the sendemail.py script to do this pls ?

my sample output data is something like this :

IssueTracked IssueResovled NetworkGroup EmailsInGroup
30 20 A user1@domain.com,user2@domain.com
50 30 A user1@domain.com,user2@domain.com
70 20 B user3@domain.com,user4@domain.com
71 50 C user5@domain.com

Now in the above output , i want the NetworkGroup Data say "A" , should be emailed to those user email ids only i.e user1@domain.com,user2@domain.com and so on for Other groups as well.

Tags (3)
0 Karma
Reply

jtrucks
Splunk Employee
Splunk Employee
‎11-07-2013 11:50 AM

Without writing the actual code, I'll answer in terms of methodology.

Whatever program you use to parse the results, you need it to read each line into an array such that you have:
ARRAY[0] = contents of IssueTracked for that line
ARRAY[1] = contents of IssueResolved for that line
ARRAY[2] = contents of NetworkGroup for that line
ARRAY[3] = contents of EmailsInGroup for that line

Then you iterate through your array of arrays (or line by line as input comes in) to email all users in ARRAY[3] with the body contents the headers and values from ARRAY[0], ARRAY[1], and ARRAY[2].

It shouldn't be that much work in all. You could do it in nearly any language, too.

--
Jesse Trucks
Minister of Magic
Reply

rakesh_498115
Motivator
‎11-07-2013 01:05 PM

Thanks jtrucks..I had the idea of arrays..but couldn't start of like while streaming the searchresults in the search Window how can we group them into arrays?..can u give me initial steps pls

0 Karma
Reply
Get Updates on the Splunk Community!

Index This | Why did the turkey cross the road?

November 2025 Edition  Hayyy Splunk Education Enthusiasts and the Eternally Curious!   We’re back with this ...

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

  🚀 Your data just got a serious AI upgrade — are you ready? Say hello to the Agentic Era with the ...

Feel the Splunk Love: Real Stories from Real Customers

Hello Splunk Community,    What’s the best part of hearing how our customers use Splunk? Easy: the positive ...