Monitoring Splunk
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to avoid sending an empty report?

danielbb
Motivator
‎04-29-2025 08:32 AM

Is there a way to avoid sending an empty report? I'm thinking about converting the report to an alert but the customer would like to keep it as a report. 

Labels (1)
Labels
Tags (1)
0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎04-29-2025 08:45 AM

Hi @danielbb ,

instead a scheduled report, use an alert that fires if results is greater than 0.

Ciao.

Giuseppe

Reply

livehybrid
SplunkTrust
SplunkTrust
‎04-29-2025 08:38 AM

Hi @danielbb 

If you want to be able to conditionally run the email alert action then it needs to be an Alert rather than a report. This allows you to only send if the number of results > 0.

What are the customers reservations about having an alert vs report? They are pretty much the same thing.

🌟 Did this answer help you? If so, please consider:

  • Adding karma to show it was useful
  • Marking it as the solution if it resolved your issue
  • Commenting if you need any clarification

Your feedback encourages the volunteers in this community to continue contributing

Reply
Get Updates on the Splunk Community!

AI for AppInspect

We’re excited to announce two new updates to AppInspect designed to save you time and make the app approval ...

App Platform's 2025 Year in Review: A Year of Innovation, Growth, and Community

As we step into 2026, it’s the perfect moment to reflect on what an extraordinary year 2025 was for the Splunk ...

Operationalizing Entity Risk Score with Enterprise Security 8.3+

Overview Enterprise Security 8.3 introduces a powerful new feature called “Entity Risk Scoring” (ERS) for ...