Workflow Action - Can I use Mailto?

Matthias_BY
Communicator

Hello,

I want to allow my people to manually mail an event in a custom format to other people out of Splunk.

So I'm looking for a way to involve the workflow action for event types. I tried to use something like:

mailto:test@test.com?subject="ALARM-Stufe_Rot_$host$?body=Hello_that_is_body_test_with_clientip_$clientip$

This does not work. The workflow only appears if a URL is included...

Does someone know how I can work around this? Copying into the clipboard would also work, but I think with the MailTo it might be easier.

br
matthias

0 Karma

rturk
Builder

I think you're going to have trouble launching an external email client from a workflow action because the only possible actions are GET, POST, and launching another Splunk search based on the returned results.

Both the GET & POST actions require a target URL, so unless you have a web-based email client that will allow you to invoke a new email by a URL, I think you're out of luck.

Happy to be proved wrong though!

Ref: http://docs.splunk.com/Documentation/Splunk/5.0.4/Knowledge/CreateworkflowactionsinSplunkWeb

0 Karma

MuS
Legend

Just did a quick check and set up a workflow with a POST URI mailto://anyEmail@SomeCompany.com and if I select the workflow, the default email client opens up with an email.....

Although the email address looks strange in the mail (it includes the // ), I was able to test and add $_raw$ to the body of the email.

It looks like it is possible somehow....

haraksin
Path Finder

You can also solve this using the sendemail command in a search-type workflow action:

| sendemail to=$owner@my.url$ subject="New Notable in: $title$" message="How are you guys doing? This has src $src$ dest $dest$ and severity $urgency$"

aakwah
Builder

I believe this should be the answer to the question, as none of the other solutions worked for Splunk ES version 7.

sendemail - Splunk Documentation

0 Karma

timpacl
Path Finder

I am doing this in a workflow. It is as simple as setting the link using the mailto protocol (i.e. mailto:me@work.com?Subject=Time to go home). mailto is a valid link format and so can be used. Open the link in the current window to avoid opening a blank tab in the browser. You can embed fields ($host$, $_raw$, etc).

0 Karma

MuS
Legend

Converted my comment to an answer, so you could accept it 😉 cheers, MuS

0 Karma

Matthias_BY
Communicator

Thanks - that looks good. But even the // is bad within the mail client... I think the best workaround is to forward via workflow action to a small webpage with PHP content and add the content as values and then with a few lines of PHP code display everything and launch the mail client from there.

0 Karma
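
An added example, not part of any post in this thread: one way an intermediate page like the one suggested above could build the link in JavaScript, with `?` before the first header field, `&` between the rest, and every event value percent-encoded so it cannot add header fields such as bcc. The function names, the sample event and the `MAX_BODY` cap are assumptions made for illustration.

```javascript
// Added example: build an RFC 6068 mailto: URI from event field values.
// Function names, the sample event and MAX_BODY are assumptions.
const MAX_BODY = 1500; // assumed cap; very long links may be cut by clients

function buildMailto(to, subject, body) {
  // Refuse recipients that could smuggle extra addresses or header fields.
  if (!/^[^\s@?&,;<>]+@[^\s@?&,;<>]+$/.test(to)) {
    throw new Error("invalid recipient: " + to);
  }
  // A subject is a single header line: collapse CR/LF so a field value
  // cannot start a new header in the composed message.
  const cleanSubject = String(subject).replace(/[\r\n]+/g, " ");
  // Body line breaks are normalized to CRLF, which encodes as %0D%0A.
  const cleanBody = String(body).slice(0, MAX_BODY).replace(/\r\n|\r|\n/g, "\r\n");
  // encodeURIComponent escapes ?, &, = and %, so data stays inside its field.
  return "mailto:" + encodeURIComponent(to).replace(/%40/g, "@") +
    "?subject=" + encodeURIComponent(cleanSubject) +
    "&body=" + encodeURIComponent(cleanBody);
}

// Decode a mailto: URI back into its header fields, to check what a mail
// client would be handed.
function parseMailto(uri) {
  const m = /^mailto:([^?]*)(?:\?(.*))?$/.exec(uri);
  if (!m) throw new Error("not a mailto URI");
  const fields = { to: decodeURIComponent(m[1]) };
  for (const pair of (m[2] || "").split("&").filter(Boolean)) {
    const i = pair.indexOf("=");
    const [k, v] = i === -1 ? [pair, ""] : [pair.slice(0, i), pair.slice(i + 1)];
    fields[decodeURIComponent(k).toLowerCase()] = decodeURIComponent(v);
  }
  return fields;
}

// Constructed event: the clientip value carries text that would add a bcc
// header if it were pasted into the link unencoded.
const sampleEvent = { host: "web01", clientip: "10.0.0.5&bcc=other@example.org" };
const link = buildMailto(
  "test@test.com",
  "ALARM-Stufe_Rot " + sampleEvent.host,
  "Hello, that is a body test\nclientip: " + sampleEvent.clientip
);
const seen = parseMailto(link);
console.log(link);
console.log(seen);
```

Parsing the result back shows only `to`, `subject` and `body`; the `&bcc=` text from the event ends up as literal characters in the body.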

Matthias_BY
Communicator

Hi RT,

I'm looking to launch an email client with a predefined subject and body, so they have the chance to edit it and then send it out.

0 Karma

rturk
Builder

Hi Matthias,

Are you looking to send an email immediately after selecting the workflow link, or are you looking to launch an email client with the subject & body pre-filled for sending? I'm guessing the former, but thought I'd ask.

RT

0 Karma