Other Usage
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to not send email for splunk report if no results are found?

anjana
New Member
‎09-26-2023 01:23 AM

How to not send splunk report via email if no result are found .I cannot change it to alert and use number of results  >0 as I need to send it as a report with records . So I need to implement this as a report only not as alert.I have gone through the existing posts but could not find a solution ?

 

Is there any settings in advanced Edit which could help?

Labels (1)
Labels
0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
‎09-26-2023 03:17 AM

If you go straight to sendemail command, it will execute every time, it just might send empty set of results.

You could use the map command to execute a search (in this case - the sendemail one) for each result. Two caveats though:

1. map is considered a risky command so you need additional permissions to run it (and judging from the fact that you can't define an alert I assume you might not have those capabilities).

2. The subsearch is called for every result in your pipeline separately so if you want to just send the whole batch of your main search, you'd need to firts combine it into a single row, pass it to the map command and then "unpack" it again into multiple lines within the subsearch. A bit ugly.

0 Karma
Reply
Get Updates on the Splunk Community!

Accelerating Observability as Code with the Splunk AI Assistant

We’ve seen in previous posts what Observability as Code (OaC) is and how it’s now essential for managing ...

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

 Splunk is More Than Just the Web Console For Digital Forensics and Incident Response (DFIR) practitioners, ...

Congratulations to the 2025-2026 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...