Getting Data In

Can we split the results based on the users and email them?

rakesh_498115
Motivator

Hi..

I am trying to find a custom script which emails the contents of the search results specific to the users. I have a huge result for my search, and in that result there are n users with their email ids, so I need the data that belongs to each user sent in an email.

Can anyone help in customizing the sendemail.py script to do this, please?

My sample output data is something like this:

IssueTracked  IssueResovled  NetworkGroup  EmailsInGroup
30            20             A             user1@domain.com,user2@domain.com
50            30             A             user1@domain.com,user2@domain.com
70            20             B             user3@domain.com,user4@domain.com
71            50             C             user5@domain.com

Now, in the above output, I want the NetworkGroup data, say "A", to be emailed to those user email ids only, i.e. user1@domain.com,user2@domain.com, and so on for the other groups as well.


jtrucks
Splunk Employee

Without writing the actual code, I'll answer in terms of methodology.

Whatever program you use to parse the results, you need it to read each line into an array such that you have:
ARRAY[0] = contents of IssueTracked for that line
ARRAY[1] = contents of IssueResolved for that line
ARRAY[2] = contents of NetworkGroup for that line
ARRAY[3] = contents of EmailsInGroup for that line

Then you iterate through your array of arrays (or line by line as input comes in) to email all users in ARRAY[3], with the body contents being the headers and values from ARRAY[0], ARRAY[1], and ARRAY[2].

It shouldn't be that much work in all. You could do it in nearly any language, too.

--
Jesse Trucks
Minister of Magic
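
The methodology in the answer above, written out as an added example (not code from the thread or from Splunk's sendemail.py): rows are grouped by NetworkGroup and one message is built per group. It assumes the results are available as CSV text, and because the recipient list comes from the search results themselves, each address is checked against an assumed allowed domain and rejected if it carries control characters; `SENDER`, `ALLOWED_DOMAINS`, `valid_recipient` and `build_messages` are hypothetical names.

```python
import csv
import io
from email.message import EmailMessage
from email.utils import parseaddr

# Constructed sample: the poster's rows as a CSV export (format is an assumption).
SAMPLE_CSV = """IssueTracked,IssueResolved,NetworkGroup,EmailsInGroup
30,20,A,"user1@domain.com,user2@domain.com"
50,30,A,"user1@domain.com,user2@domain.com"
70,20,B,"user3@domain.com,user4@domain.com"
71,50,C,user5@domain.com
"""
ALLOWED_DOMAINS = {"domain.com"}      # assumption: reports stay inside this domain
SENDER = "splunk-reports@domain.com"  # hypothetical sender address


def valid_recipient(addr):
    """Accept a bare address in an allowed domain; reject control characters."""
    if any(ord(ch) < 32 for ch in addr):
        return False  # CR/LF in a field value would allow header injection
    local, _, domain = addr.rpartition("@")
    return bool(local) and parseaddr(addr)[1] == addr and domain.lower() in ALLOWED_DOMAINS


def build_messages(csv_text):
    """Return {NetworkGroup: EmailMessage} holding only that group's rows."""
    reader = csv.DictReader(io.StringIO(csv_text))
    fields = [f for f in reader.fieldnames if f != "EmailsInGroup"]
    groups = {}
    for row in reader:
        rows, to = groups.setdefault(row["NetworkGroup"], ([], []))
        rows.append("\t".join(row[f] for f in fields))
        for addr in (a.strip() for a in row["EmailsInGroup"].split(",")):
            if valid_recipient(addr) and addr not in to:
                to.append(addr)
    messages = {}
    for name, (rows, to) in groups.items():
        if not to:
            continue  # no acceptable recipient: skip the group rather than guess
        msg = EmailMessage()
        msg["From"], msg["To"] = SENDER, ", ".join(to)
        # Assigning a header value that contains CR/LF raises ValueError.
        msg["Subject"] = "Issue summary for NetworkGroup " + name
        msg.set_content("\n".join(["\t".join(fields)] + rows))
        messages[name] = msg
    return messages


if __name__ == "__main__":
    for name, msg in build_messages(SAMPLE_CSV).items():
        print(name, "->", msg["To"])  # hand msg to smtplib.SMTP.send_message to send
```
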

rakesh_498115
Motivator

Thanks jtrucks.. I had the idea of arrays, but couldn't get started: while streaming the search results in the search window, how can we group them into arrays? Can you give me initial steps, please?
