Monitoring Splunk
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to avoid sending an empty report?

danielbb
Motivator
‎04-29-2025 08:32 AM

Is there a way to avoid sending an empty report? I'm thinking about converting the report to an alert but the customer would like to keep it as a report. 

Labels (1)
Labels
Tags (1)
0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎04-29-2025 08:45 AM

Hi @danielbb ,

instead a scheduled report, use an alert that fires if results is greater than 0.

Ciao.

Giuseppe

Reply

livehybrid
Super Champion
‎04-29-2025 08:38 AM

Hi @danielbb 

If you want to be able to conditionally run the email alert action then it needs to be an Alert rather than a report. This allows you to only send if the number of results > 0.

What are the customers reservations about having an alert vs report? They are pretty much the same thing.

🌟 Did this answer help you? If so, please consider:

  • Adding karma to show it was useful
  • Marking it as the solution if it resolved your issue
  • Commenting if you need any clarification

Your feedback encourages the volunteers in this community to continue contributing

Reply
Get Updates on the Splunk Community!

SplunkTrust Application Period is Officially OPEN!

It's that time, folks! The application/nomination period for the 2025 SplunkTrust is officially open! If you ...

Splunk Answers Content Calendar, June Edition II

Get ready to dive into Splunk Dashboard panels this week! We'll be tackling common questions around ...

Splunk Observability Cloud's AI Assistant in Action Series: Auditing Compliance and ...

This is the third post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how to ...
Top