Reporting
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How do you Include a search string in a Splunk email PDF delivery?

cboonyan
New Member
‎10-08-2018 06:01 PM

I am intending to schedule Splunk email delivery. Is it possible to display the search string inside this generated pdf?

0 Karma
Reply

jvardev
Path Finder
‎10-11-2018 02:16 AM

Hi @cboonyan ,

Try include predefined tokens in your report without use options form. Token $search$ contains the search.
Find more info and full token list on doc:

http://docs.splunk.com/Documentation/Splunk/7.1.2/AdvancedDev/ModAlertsLog

Greetings. jvardev.

0 Karma
Reply

cboonyan
New Member
‎10-11-2018 08:04 PM

hi, I have tried to include $search$ into the message field according to http://docs.splunk.com/Documentation/Splunk/6.5.5/Alert/EmailNotificationTokens. However, when I sent a test email, the token resolves to nothing. The default $name$ token however resolves to something. I have tried both report into dashboard and inline report panel but both exhibits same blank result for $search$.

0 Karma
Reply

mstjohn_splunk
Splunk Employee
Splunk Employee
‎10-09-2018 12:46 PM

hi @cboonyan

Did either of the answers below solve your problem? If so, please resolve this post by approving one of them.
If your problem is still not solved, keep us updated so that someone else can help ya.

Thanks!

0 Karma
Reply

inventsekar
SplunkTrust
SplunkTrust
‎10-08-2018 11:49 PM

Hi.. you can edit the report and choose the "Trigger Actions" ---> Send Mail ----> under the "Include" area, select the "Search String", save the report. this will resolve your task. if any issues, let us know. thanks.
alt text

(Please, once issue resolved, you can upvote/accept as answer, so that the question will be marked as resolved)

thanks and best regards,
Sekar

PS - If this or any post helped you in any way, pls consider upvoting, thanks for reading !
Preview file
1 KB
Reply

cboonyan
New Member
‎10-11-2018 12:51 AM

thanks for your response, I have checked and there isn't the Include: Search String option in the send mail pop up form. I am guessing it is due to the version of splunk I'm using, which unfortunately upgrading it is out of my control. Will I be able to use the dashboard source to include the search string using the tags?

0 Karma
Reply

inventsekar
SplunkTrust
SplunkTrust
‎10-11-2018 04:54 AM

ok then, if your query is resolved, can you please accept this as the answer.. so that it will be marked as the answered question.

thanks and best regards,
Sekar

PS - If this or any post helped you in any way, pls consider upvoting, thanks for reading !
0 Karma
Reply

iamarkaprabha
Contributor
‎10-08-2018 10:45 PM

Hi cboonyan,

If you are looking for email notification for an alert or scheduled report then it can be possible to include the search strings.
If you are thinking of delivering the dashboard in PDF then probably i have to check again

Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...