Reporting

How do you Include a search string in a Splunk email PDF delivery?

cboonyan
New Member

I am intending to schedule Splunk email delivery. Is it possible to display the search string inside this generated pdf?

0 Karma

jvardev
Path Finder

Hi @cboonyan ,

Try include predefined tokens in your report without use options form. Token $search$ contains the search.
Find more info and full token list on doc:

http://docs.splunk.com/Documentation/Splunk/7.1.2/AdvancedDev/ModAlertsLog

Greetings. jvardev.

0 Karma

cboonyan
New Member

hi, I have tried to include $search$ into the message field according to http://docs.splunk.com/Documentation/Splunk/6.5.5/Alert/EmailNotificationTokens. However, when I sent a test email, the token resolves to nothing. The default $name$ token however resolves to something. I have tried both report into dashboard and inline report panel but both exhibits same blank result for $search$.

0 Karma

mstjohn_splunk
Splunk Employee
Splunk Employee

hi @cboonyan

Did either of the answers below solve your problem? If so, please resolve this post by approving one of them.
If your problem is still not solved, keep us updated so that someone else can help ya.

Thanks!

0 Karma

inventsekar
SplunkTrust
SplunkTrust

Hi.. you can edit the report and choose the "Trigger Actions" ---> Send Mail ----> under the "Include" area, select the "Search String", save the report. this will resolve your task. if any issues, let us know. thanks.
alt text

(Please, once issue resolved, you can upvote/accept as answer, so that the question will be marked as resolved)

thanks and best regards,
Sekar

PS - If this or any post helped you in any way, pls consider upvoting, thanks for reading !

cboonyan
New Member

thanks for your response, I have checked and there isn't the Include: Search String option in the send mail pop up form. I am guessing it is due to the version of splunk I'm using, which unfortunately upgrading it is out of my control. Will I be able to use the dashboard source to include the search string using the tags?

0 Karma

inventsekar
SplunkTrust
SplunkTrust

ok then, if your query is resolved, can you please accept this as the answer.. so that it will be marked as the answered question.

thanks and best regards,
Sekar

PS - If this or any post helped you in any way, pls consider upvoting, thanks for reading !
0 Karma

iamarkaprabha
Contributor

Hi cboonyan,

If you are looking for email notification for an alert or scheduled report then it can be possible to include the search strings.
If you are thinking of delivering the dashboard in PDF then probably i have to check again

Get Updates on the Splunk Community!

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...

SignalFlow: What? Why? How?

What is SignalFlow? Splunk Observability Cloud’s analytics engine, SignalFlow, opens up a world of in-depth ...

Federated Search for Amazon S3 | Key Use Cases to Streamline Compliance Workflows

Modern business operations are supported by data compliance. As regulations evolve, organizations must ...