Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Can we Split the results based on the users and email them ?

rakesh_498115
Motivator
‎11-07-2013 06:37 AM

Hi..

I am trying to find the custom script which emails the conents of the search results specific to the users. I have a huge result for my search , in that result they are n of user's with their email ids , so i need the data that belongs to the user in a email.

Can any one help in customizing the sendemail.py script to do this pls ?

my sample output data is something like this :

IssueTracked IssueResovled NetworkGroup EmailsInGroup
30 20 A user1@domain.com,user2@domain.com
50 30 A user1@domain.com,user2@domain.com
70 20 B user3@domain.com,user4@domain.com
71 50 C user5@domain.com

Now in the above output , i want the NetworkGroup Data say "A" , should be emailed to those user email ids only i.e user1@domain.com,user2@domain.com and so on for Other groups as well.

Tags (3)
0 Karma
Reply

jtrucks
Splunk Employee
Splunk Employee
‎11-07-2013 11:50 AM

Without writing the actual code, I'll answer in terms of methodology.

Whatever program you use to parse the results, you need it to read each line into an array such that you have:
ARRAY[0] = contents of IssueTracked for that line
ARRAY[1] = contents of IssueResolved for that line
ARRAY[2] = contents of NetworkGroup for that line
ARRAY[3] = contents of EmailsInGroup for that line

Then you iterate through your array of arrays (or line by line as input comes in) to email all users in ARRAY[3] with the body contents the headers and values from ARRAY[0], ARRAY[1], and ARRAY[2].

It shouldn't be that much work in all. You could do it in nearly any language, too.

--
Jesse Trucks
Minister of Magic
Reply

rakesh_498115
Motivator
‎11-07-2013 01:05 PM

Thanks jtrucks..I had the idea of arrays..but couldn't start of like while streaming the searchresults in the search Window how can we group them into arrays?..can u give me initial steps pls

0 Karma
Reply
Get Updates on the Splunk Community!

Accelerating Observability as Code with the Splunk AI Assistant

We’ve seen in previous posts what Observability as Code (OaC) is and how it’s now essential for managing ...

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

 Splunk is More Than Just the Web Console For Digital Forensics and Incident Response (DFIR) practitioners, ...

Congratulations to the 2025-2026 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...