Reporting
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How do you Include a search string in a Splunk email PDF delivery?

cboonyan
New Member
‎10-08-2018 06:01 PM

I am intending to schedule Splunk email delivery. Is it possible to display the search string inside this generated pdf?

0 Karma
Reply

jvardev
Path Finder
‎10-11-2018 02:16 AM

Hi @cboonyan ,

Try include predefined tokens in your report without use options form. Token $search$ contains the search.
Find more info and full token list on doc:

http://docs.splunk.com/Documentation/Splunk/7.1.2/AdvancedDev/ModAlertsLog

Greetings. jvardev.

0 Karma
Reply

cboonyan
New Member
‎10-11-2018 08:04 PM

hi, I have tried to include $search$ into the message field according to http://docs.splunk.com/Documentation/Splunk/6.5.5/Alert/EmailNotificationTokens. However, when I sent a test email, the token resolves to nothing. The default $name$ token however resolves to something. I have tried both report into dashboard and inline report panel but both exhibits same blank result for $search$.

0 Karma
Reply

mstjohn_splunk
Splunk Employee
Splunk Employee
‎10-09-2018 12:46 PM

hi @cboonyan

Did either of the answers below solve your problem? If so, please resolve this post by approving one of them.
If your problem is still not solved, keep us updated so that someone else can help ya.

Thanks!

0 Karma
Reply

inventsekar
SplunkTrust
SplunkTrust
‎10-08-2018 11:49 PM

Hi.. you can edit the report and choose the "Trigger Actions" ---> Send Mail ----> under the "Include" area, select the "Search String", save the report. this will resolve your task. if any issues, let us know. thanks.
alt text

(Please, once issue resolved, you can upvote/accept as answer, so that the question will be marked as resolved)

thanks and best regards,
Sekar

PS - If this or any post helped you in any way, pls consider upvoting, thanks for reading !
Preview file
84 KB
Reply

cboonyan
New Member
‎10-11-2018 12:51 AM

thanks for your response, I have checked and there isn't the Include: Search String option in the send mail pop up form. I am guessing it is due to the version of splunk I'm using, which unfortunately upgrading it is out of my control. Will I be able to use the dashboard source to include the search string using the tags?

0 Karma
Reply

inventsekar
SplunkTrust
SplunkTrust
‎10-11-2018 04:54 AM

ok then, if your query is resolved, can you please accept this as the answer.. so that it will be marked as the answered question.

thanks and best regards,
Sekar

PS - If this or any post helped you in any way, pls consider upvoting, thanks for reading !
0 Karma
Reply

iamarkaprabha
Contributor
‎10-08-2018 10:45 PM

Hi cboonyan,

If you are looking for email notification for an alert or scheduled report then it can be possible to include the search strings.
If you are thinking of delivering the dashboard in PDF then probably i have to check again

Reply
Get Updates on the Splunk Community!

Splunk Observability as Code: From Zero to Dashboard

For the details on what Self-Service Observability and Observability as Code is, we have some awesome content ...

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Shape the Future of Splunk: Join the Product Research Lab!

Join the Splunk Product Research Lab and connect with us in the Slack channel #product-research-lab to get ...