Monitoring Splunk
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Can Splunk send a file as attachment without reading the content or data in the file ?

vchennuri
Engager
‎09-03-2019 07:24 AM

Can Splunk send a file as attachment without reading the content or data in the file

0 Karma
Reply

vchennuri
Engager
‎09-03-2019 09:57 AM

A file is generated every day having data of 10 to 20 lines in a location with the difference in file name. Can splunk read the data in generated file and send the file as an email alert whenever that new file is generated ?

0 Karma
Reply

solarboyz1
Builder
‎09-03-2019 10:16 AM

Sort of...

You would monitor the location the files are produced:
https://docs.splunk.com/Documentation/Splunk/7.3.1/Data/Monitorfilesanddirectorieswithinputs.conf

You would create a search looking for new events from the input you just created.

Assuming your inputs, timestamps, and timezones are set correctly, any new events would indicate a new file.

In which case, you would schedule a search every X minutes, configure the email to generate a single email, and attach the search results.

0 Karma
Reply

solarboyz1
Builder
‎09-03-2019 09:15 AM

I dont know of any way for Splunk to attach a non-search produced file to an email using the standard "Send Email" alert action.

This can be accomplished by creating an alert action, which could send an email and attach a document:
https://docs.splunk.com/Documentation/Splunk/7.3.1/Alert/Configuringscriptedalerts

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎09-03-2019 08:25 AM

Send it where? What is your use case?

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

.conf25 Community Recap

Hello Splunkers, And just like that, .conf25 is in the books! What an incredible few days — full of learning, ...

Splunk App Developers | .conf25 Recap & What’s Next

If you stopped by the Builder Bar at .conf25 this year, thank you! The retro tech beer garden vibes were ...

Congratulations to the 2025-2026 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...