I need to send an email based on an if condition. Something like "if (value > 10) send an email". But I am not able to figure out how to do this.
I am trying this with eval. But this only assigns the value to a variable (LoginQuality).
"eval LoginQuality= if (AverageLoginTime >10, "More", "Less")".
I need to change/modify this statement to send an email depending on the condition.
Can someone help me with this?
You can do this with a sub search. Check this out:
index="_internal" group="per_source_thruput" | search series!="_audit" | search series!="_internal" | eval GB=(kb/1024)/1024 | stats sum(GB) as Hourly_Indexed_GB | eval test=if(Hourly_Indexed_GB > 20.3 ,[| search index="_internal" group="per_source_thruput" | search series!="_audit" | search series!="_internal" | eval GB=(kb/1024)/1024 | stats sum(GB) as GB | table GB | sendemail to="email@somewhere.com" format=html subject=Splunk_License_warn server=Your_Mail_Server sendresults=true],"0" )
The gist of this is to include an if statement and place a sub search on the true or false clause of the if. The sub search uses the sendemail command to send you the results.
If I understand your goal here, it's possible that an "advanced conditional alert" will suit your needs. Check out http://docs.splunk.com/Documentation/Splunk/4.2.3/User/SchedulingSavedSearches and search for the section "Define an advanced conditional alert".
I think that using a conditional alert of the form
search LoginQuality > 10
should get you close to what you want...
You need to configure Splunk with a proper connection to a valid SMTP server. I doubt that proxy.com:8080 is a valid SMTP server. You need to make sure your basic SMTP connection is working before trying to move on to conditional alerts and stuff.
I am trying this command --> sendemail to="user@domain.com" sendresults=true server="proxy.com:8080" and it gives an error like -->
"command="sendemail", Connection unexpectedly closed while sending mail to: user@domain.com"
Yes, I am trying the same, but currently I am getting an error: "command="sendemail", [Errno 10061] No connection could be made because the target machine actively refused it while sending mail to: hitesh@domain.com".
Looks like some configuration issue. Kindly let me know if anyone has resolved this issue.
Under Manager/Searches and Reports you can schedule your e-mails. This is a feature that varies quite a bit between versions. The later versions have better control over this.
I have not personally done this, but another has on our system. I would expect that sendmail [on a unix system] must be accepting requests, well at least on 127.0.0.1
Yes right, I am doing the same thing and getting some error like
command="sendemail", [Errno 10060] A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond while sending mail to: "username@mail.com"
There is a sendemail command:
| eval send = if(AverageLoginTime>10,true,false)
| search send=true
| sendemail {arg list}
http://docs.splunk.com/Documentation/Splunk/4.3.2/SearchReference/Sendemail
If sending mail based on a condition like "if (AverageLoginTime > 10) send an email" is not possible, then I tried using Manager/Searches and Reports.
But it does not seem to send any mails. Any idea if I need to do any configuration?
I want to do this either from the search command or from a python script.
From the search query/command, I get the AverageLoginTime value and based on this value I need to send the mail.
So I am looking for some command like "if (AverageLoginTime > 10) send an email"
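For the Python-script route mentioned above, here is an added example (not code from any poster in this thread or from Splunk) that applies the AverageLoginTime > 10 condition to result rows and, when sending fails, maps the failure to the three errors quoted in the thread. The function names, the "host" field and the sample rows are assumptions made for illustration.

```python
import smtplib
import socket
from email.message import EmailMessage

THRESHOLD = 10  # from the question: alert when AverageLoginTime > 10

def build_alert(rows, sender, recipient, threshold=THRESHOLD):
    """Return an EmailMessage for rows over the threshold, or None if none qualify."""
    slow = [r for r in rows if float(r["AverageLoginTime"]) > threshold]
    if not slow:
        return None
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, recipient
    msg["Subject"] = f"AverageLoginTime above {threshold} for {len(slow)} result(s)"
    msg.set_content("\n".join(f'{r["host"]}: {r["AverageLoginTime"]}' for r in slow))
    return msg

def explain_failure(exc):
    """Map a send failure to its likely cause (the errors quoted in the thread)."""
    if isinstance(exc, ConnectionRefusedError):          # [Errno 10061] on Windows
        return "refused: nothing is listening on that host:port"
    if isinstance(exc, (socket.timeout, TimeoutError)):  # [Errno 10060] on Windows
        return "timeout: host unreachable or traffic filtered"
    if isinstance(exc, smtplib.SMTPServerDisconnected):  # "Connection unexpectedly closed"
        return "not-smtp: connection accepted but closed without an SMTP reply"
    return f"other: {exc}"

def send_alert(msg, host, port=25, timeout=10):
    """Send msg through the SMTP server at host:port; return 'sent' or a diagnosis."""
    try:
        with smtplib.SMTP(host, port, timeout=timeout) as smtp:
            smtp.send_message(msg)
        return "sent"
    except (OSError, smtplib.SMTPException) as exc:
        return explain_failure(exc)

if __name__ == "__main__":
    # Constructed sample rows standing in for search results.
    rows = [{"host": "web01", "AverageLoginTime": "12.4"},
            {"host": "web02", "AverageLoginTime": "3.1"}]
    msg = build_alert(rows, "splunk@example.com", "user@example.com")
    print(msg["Subject"] if msg else "nothing to send")
    # Diagnose a constructed failure without touching the network.
    print(explain_failure(ConnectionRefusedError(10061, "actively refused")))
```

Call send_alert(msg, host, port) with your real mail relay once build_alert returns a message; a "refused", "timeout" or "not-smtp" result points at the server setting rather than at the condition.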