Knowledge Management

Workflow Action - Can I use Mailto?

Matthias_BY
Communicator

Hello,

i want to allow my people to mail an event in a custom format to other people out of splunk manually.

so i'm looking for a way to involve the workflow action for event types. i tried to use like:

mailto:test@test.com?subject="ALARM-Stufe_Rot_$host$?body=Hello_that_is_body_test_with_clientip_$clientip$

this does not work. the workflow does only appear if a URL is included...

does someone know how i can work around this? copy into clipboard would also work, but i think with the MailTo it might be easier.

br
matthias

Labels (1)
Tags (1)
0 Karma
2 Solutions

rturk
Builder

I think you're going to have trouble launching an external email client from a workflow action because the only possible actions are GET, POST, and launching another Splunk search based on the returned results.

Both the GET & POST actions require a target URL, so unless you have a web-based email client that will allow you to invoke a new email by a URL, I think you're out of luck.

Happy to be proved wrong though!

Ref: http://docs.splunk.com/Documentation/Splunk/5.0.4/Knowledge/CreateworkflowactionsinSplunkWeb

View solution in original post

0 Karma

MuS
SplunkTrust
SplunkTrust

Just did a quick check and did setup a workflow with a POST URI mailto://anyEmail@SomeCompany.com and if I select the workflow, the default email client opens up with an email.....

although the email address looks strange in the mail (it includes the // ), I was able to test and add $_raw$ to the body of the email.

It looks like it is possible somehow....

View solution in original post

haraksin
Path Finder

You can also solve this using the sendemail command in a search-type workflow action:

| sendemail to=$owner@my.url$ subject="New Notable in: $title$" message="How are you guys doing? This has src $src$ dest $dest$ and severity $urgency$"

aakwah
Builder

I believe this should be the answer of the question as non of the other solutions worked for Splunk ES version 7.

sendemail - Splunk Documentation

0 Karma

timpacl
Path Finder

I am doing this in a workflow. It is as simple as setting the link using mailto protocol (ie. mailto:me@work.com?Subject=Time to go home). mailto is a valid link format and so can be used. Open link in current window to avoid opening a blank tab in the browser. You can embed fields ($host$, $_raw$, etc).

0 Karma

MuS
SplunkTrust
SplunkTrust

Just did a quick check and did setup a workflow with a POST URI mailto://anyEmail@SomeCompany.com and if I select the workflow, the default email client opens up with an email.....

although the email address looks strange in the mail (it includes the // ), I was able to test and add $_raw$ to the body of the email.

It looks like it is possible somehow....

MuS
SplunkTrust
SplunkTrust

Converted my comment to an answer, so you could accept it 😉 cheers, MuS

0 Karma

Matthias_BY
Communicator

Thanks - that looks good. but even the // is bad within the mail client... i think the best workaround is to forward via workflow action a a small wepage with PHP content and add the content as values and then with a few lines of php code display everything and launch the mail client from there.

0 Karma

rturk
Builder

I think you're going to have trouble launching an external email client from a workflow action because the only possible actions are GET, POST, and launching another Splunk search based on the returned results.

Both the GET & POST actions require a target URL, so unless you have a web-based email client that will allow you to invoke a new email by a URL, I think you're out of luck.

Happy to be proved wrong though!

Ref: http://docs.splunk.com/Documentation/Splunk/5.0.4/Knowledge/CreateworkflowactionsinSplunkWeb

0 Karma

Matthias_BY
Communicator

Hi RT,

i'm looking to launch a email client with predefinied subject and body. so they have the chance to edit it and then send it out.

0 Karma

rturk
Builder

Hi Matthias,

Are you looking to send an email immediately after selecting the workflow link, or are you looking to launch a email client with the subject & body pre-filled for sending? I'm guessing the former, but thought I'd ask.

RT

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Updates (ESCU) - New Releases

In the last month, the Splunk Threat Research Team (STRT) has had 3 releases of new content via the Enterprise ...

Thought Leaders are Validating Your Hard Work and Training Rigor

As a Splunk enthusiast and member of the Splunk Community, you are one of thousands who recognize the value of ...

.conf23 Registration is Now Open!

Time to toss the .conf-etti 🎉 —  .conf23 registration is open!   Join us in Las Vegas July 17-20 for ...