Other Usage
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to not send email for splunk report if no results are found?

anjana
New Member
‎09-26-2023 01:23 AM

How to not send splunk report via email if no result are found .I cannot change it to alert and use number of results  >0 as I need to send it as a report with records . So I need to implement this as a report only not as alert.I have gone through the existing posts but could not find a solution ?

 

Is there any settings in advanced Edit which could help?

Labels (1)
Labels
0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
‎09-26-2023 03:17 AM

If you go straight to sendemail command, it will execute every time, it just might send empty set of results.

You could use the map command to execute a search (in this case - the sendemail one) for each result. Two caveats though:

1. map is considered a risky command so you need additional permissions to run it (and judging from the fact that you can't define an alert I assume you might not have those capabilities).

2. The subsearch is called for every result in your pipeline separately so if you want to just send the whole batch of your main search, you'd need to firts combine it into a single row, pass it to the map command and then "unpack" it again into multiple lines within the subsearch. A bit ugly.

0 Karma
Reply
Get Updates on the Splunk Community!

Index This | When is October more than just the tenth month?

October 2025 Edition  Hayyy Splunk Education Enthusiasts and the Eternally Curious!   We’re back with this ...

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

What’s New & Next in Splunk SOAR

 Security teams today are dealing with more alerts, more tools, and more pressure than ever.  Join us for an ...