Re: How to avoid sending an empty report?

danielbb · ‎04-29-2025

Is there a way to avoid sending an empty report? I'm thinking about converting the report to an alert but the customer would like to keep it as a report.

gcusello · ‎04-29-2025

Hi @danielbb ,

instead a scheduled report, use an alert that fires if results is greater than 0.

Ciao.

Giuseppe

livehybrid · ‎04-29-2025

Hi @danielbb

If you want to be able to conditionally run the email alert action then it needs to be an Alert rather than a report. This allows you to only send if the number of results > 0.

What are the customers reservations about having an alert vs report? They are pretty much the same thing.

🌟 Did this answer help you? If so, please consider:

Adding karma to show it was useful
Marking it as the solution if it resolved your issue
Commenting if you need any clarification

Your feedback encourages the volunteers in this community to continue contributing

How to avoid sending an empty report?

other

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Think Like an Architect: Introducing the Splunk Certified Cybersecurity Defense ...

Index This | What has goals but no motivation?

Deep Dive: Accelerate threat investigation with Splunk’s AI Assistant in Security

Join the Conversation