i want to allow my people to mail an event in a custom format to other people out of splunk manually.
so i'm looking for a way to involve the workflow action for event types. i tried to use like:
this does not work. the workflow does only appear if a URL is included...
does someone know how i can work around this? copy into clipboard would also work, but i think with the MailTo it might be easier.
Are you looking to send an email immediately after selecting the workflow link, or are you looking to launch a email client with the subject & body pre-filled for sending? I'm guessing the former, but thought I'd ask.
i'm looking to launch a email client with predefinied subject and body. so they have the chance to edit it and then send it out.
I think you're going to have trouble launching an external email client from a workflow action because the only possible actions are GET, POST, and launching another Splunk search based on the returned results.
Both the GET & POST actions require a target URL, so unless you have a web-based email client that will allow you to invoke a new email by a URL, I think you're out of luck.
Happy to be proved wrong though!
Just did a quick check and did setup a workflow with a POST URI mailto://anyEmail@SomeCompany.com and if I select the workflow, the default email client opens up with an email.....
although the email address looks strange in the mail (it includes the // ), I was able to test and add $_raw$ to the body of the email.
It looks like it is possible somehow....
Thanks - that looks good. but even the // is bad within the mail client... i think the best workaround is to forward via workflow action a a small wepage with PHP content and add the content as values and then with a few lines of php code display everything and launch the mail client from there.
I am doing this in a workflow. It is as simple as setting the link using mailto protocol (ie. mailto:firstname.lastname@example.org?Subject=Time to go home). mailto is a valid link format and so can be used. Open link in current window to avoid opening a blank tab in the browser. You can embed fields ($host$, $_raw$, etc).
You can also solve this using the
sendemail command in a search-type workflow action:
| sendemail email@example.com$ subject="New Notable in: $title$" message="How are you guys doing? This has src $src$ dest $dest$ and severity $urgency$"