I need to send an email based on an if condition. Something like "if (value > 10) send an email". But I am not able to figure out how to do this.
I am trying this with eval. But this only assigns the value to a variable (LoginQuality).
"eval LoginQuality= if (AverageLoginTime >10, "More", "Less")".
I need to change/modify this statement to send an email depending on the condition.
Can someone help me with this?
You can do this with a subsearch. Check this out:
index="_internal" group="per_source_thruput" | search series!="_audit" | search series!="_internal" | eval GB=(kb/1024)/1024 | stats sum(GB) as Hourly_Indexed_GB | eval test=if(Hourly_Indexed_GB > 20.3 ,[| search index="_internal" group="per_source_thruput" | search series!="_audit" | search series!="_internal" | eval GB=(kb/1024)/1024 | stats sum(GB) as GB | table GB | sendemail to="email@example.com" format=html subject=Splunk_License_warn server=Your_Mail_Server sendresults=true],"0" )
If I understand your goal here, it's possible that an "advanced conditional alert" will suit your needs. Check out http://docs.splunk.com/Documentation/Splunk/4.2.3/User/SchedulingSavedSearches and search for the section "Define an advanced conditional alert".
I think that using a conditional alert of the form
search LoginQuality > 10
should get you close to what you want...
You need to configure Splunk with a proper connection to a valid SMTP server. I doubt that proxy.com:8080 is a valid SMTP server. You need to make sure your basic SMTP connection is working before trying to move on to conditional alerts and stuff.
Yes I am trying the same, but currently I am getting some error. "command="sendemail", [Errno 10061] No connection could be made because the target machine actively refused it while sending mail to: firstname.lastname@example.org"".
Looks like some configuration issue. Kindly let me know if anyone has resolved this issue.
Yes right, I am doing the same thing and getting some error like
command="sendemail", [Errno 10060] A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond while sending mail to: "email@example.com"
If sending mail based on condition like "if (AverageLoginTime > 10) send an email" is not possible, then I tried using Manager/Searches and Reports.
But it does not seem to send any mails. Any idea if I need to do any configuration?
I want to do this either from the search command or from a python script.
From the search query/command, I get the AverageLoginTime value and based on this value I need to send the mail.
So I am looking for some command like "if (AverageLoginTime > 10) send an email".
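
An added example, not part of the thread and not Splunk's own code: a Python sketch of the "python script" route asked about above. It sends mail only when the value exceeds the threshold, and first classifies the mail endpoint so that the two errors quoted in the thread (10061 refused, 10060 timed out) are told apart from a listener that is not an SMTP server at all. Function names, return labels and the sample host and port are assumptions made for illustration.

```python
import socket
import smtplib
from email.message import EmailMessage

def probe_smtp(host, port, timeout=5.0):
    """Classify what answers on host:port before any mail is attempted."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "refused"        # Errno 10061: nothing listening on that port
    except (socket.timeout, TimeoutError):
        return "timeout"        # Errno 10060: host unreachable or filtered
    except OSError:
        return "error"          # DNS failure, no route, etc.
    with sock:
        try:
            banner = sock.recv(512)   # an SMTP server speaks first: "220 ..."
        except OSError:
            return "no_banner"  # connected, but the peer waits for the client
    return "smtp" if banner.startswith(b"220") else "not_smtp"

def alert_if_slow(average_login_time, threshold, host, port,
                  sender, recipient, timeout=5.0):
    """Send one mail only when the value exceeds the threshold."""
    if average_login_time <= threshold:
        return "below_threshold"      # condition false: no network traffic
    state = probe_smtp(host, port, timeout)
    if state != "smtp":
        return state                  # report why mail cannot be sent
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, recipient
    msg["Subject"] = "AverageLoginTime above threshold"
    msg.set_content("AverageLoginTime=%s, threshold=%s"
                    % (average_login_time, threshold))
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.send_message(msg)
    return "sent"

if __name__ == "__main__":
    # Constructed sample values; replace host/port with your real mail relay.
    print(probe_smtp("127.0.0.1", 25, timeout=2.0))
```

A result of "no_banner" or "not_smtp" means the configured host and port accept connections but do not greet like a mail server, which is what pointing the mail setting at a web proxy port would produce.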