Monitoring Splunk
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to avoid sending an empty report?

danielbb
Motivator
‎04-29-2025 08:32 AM

Is there a way to avoid sending an empty report? I'm thinking about converting the report to an alert but the customer would like to keep it as a report. 

Labels (1)
Labels
Tags (1)
0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎04-29-2025 08:45 AM

Hi @danielbb ,

instead a scheduled report, use an alert that fires if results is greater than 0.

Ciao.

Giuseppe

Reply

livehybrid
SplunkTrust
SplunkTrust
‎04-29-2025 08:38 AM

Hi @danielbb 

If you want to be able to conditionally run the email alert action then it needs to be an Alert rather than a report. This allows you to only send if the number of results > 0.

What are the customers reservations about having an alert vs report? They are pretty much the same thing.

🌟 Did this answer help you? If so, please consider:

  • Adding karma to show it was useful
  • Marking it as the solution if it resolved your issue
  • Commenting if you need any clarification

Your feedback encourages the volunteers in this community to continue contributing

Reply
Get Updates on the Splunk Community!

Index This | When is October more than just the tenth month?

October 2025 Edition  Hayyy Splunk Education Enthusiasts and the Eternally Curious!   We’re back with this ...

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

What’s New & Next in Splunk SOAR

 Security teams today are dealing with more alerts, more tools, and more pressure than ever.  Join us for an ...