Reporting

How do you Include a search string in a Splunk email PDF delivery?

cboonyan
New Member

I am intending to schedule Splunk email delivery. Is it possible to display the search string inside this generated pdf?

0 Karma

jvardev
Path Finder

Hi @cboonyan ,

Try include predefined tokens in your report without use options form. Token $search$ contains the search.
Find more info and full token list on doc:

http://docs.splunk.com/Documentation/Splunk/7.1.2/AdvancedDev/ModAlertsLog

Greetings. jvardev.

0 Karma

cboonyan
New Member

hi, I have tried to include $search$ into the message field according to http://docs.splunk.com/Documentation/Splunk/6.5.5/Alert/EmailNotificationTokens. However, when I sent a test email, the token resolves to nothing. The default $name$ token however resolves to something. I have tried both report into dashboard and inline report panel but both exhibits same blank result for $search$.

0 Karma

mstjohn_splunk
Splunk Employee
Splunk Employee

hi @cboonyan

Did either of the answers below solve your problem? If so, please resolve this post by approving one of them.
If your problem is still not solved, keep us updated so that someone else can help ya.

Thanks!

0 Karma

inventsekar
Super Champion

Hi.. you can edit the report and choose the "Trigger Actions" ---> Send Mail ----> under the "Include" area, select the "Search String", save the report. this will resolve your task. if any issues, let us know. thanks.
alt text

(Please, once issue resolved, you can upvote/accept as answer, so that the question will be marked as resolved)

PS ... If any post helped you in any way, pls give a hi-five to the author with an upvote. if your issue got resolved, please accept the reply as solution.. thanks.

cboonyan
New Member

thanks for your response, I have checked and there isn't the Include: Search String option in the send mail pop up form. I am guessing it is due to the version of splunk I'm using, which unfortunately upgrading it is out of my control. Will I be able to use the dashboard source to include the search string using the tags?

0 Karma

inventsekar
Super Champion

ok then, if your query is resolved, can you please accept this as the answer.. so that it will be marked as the answered question.

PS ... If any post helped you in any way, pls give a hi-five to the author with an upvote. if your issue got resolved, please accept the reply as solution.. thanks.
0 Karma

iamarkaprabha
Contributor

Hi cboonyan,

If you are looking for email notification for an alert or scheduled report then it can be possible to include the search strings.
If you are thinking of delivering the dashboard in PDF then probably i have to check again

Get Updates on the Splunk Community!

NEW! Log Views in Splunk Observability Dashboards Gives Context From a Single Page

Today, Splunk Observability releases log views, a new feature for users to add their logs data from Splunk Log ...

Last Chance to Submit Your Paper For BSides Splunk - Deadline is August 12th!

Hello everyone! Don't wait to submit - The deadline is August 12th! We have truly missed the community so ...

Ready, Set, SOAR: How Utility Apps Can Up Level Your Playbooks!

 WATCH NOW Powering your capabilities has never been so easy with ready-made Splunk® SOAR Utility Apps. Parse ...