and I want to be able to dynamically find what are the registered users on the server and send one email to all (using bcc) alerting about a maintenance window for that server, from the command line. I would like something like this to work:
sendemail [ | rest splunk_server=local /servicesNS/-/-/authentication/users count=0 | fields email | stats values(email) as BCC
| nomv BCC | rex mode=sed field=BCC "s/ /,/g" | fields BCC]
subject="Splunk Server $servername$ Maintenance Notice"
message="Splunk Server $servername$ will be under maintenance from 2015-08-27 00:00 to 2015-08-27 03:00."
inline=true server=localhost sendresults=false"
but from the command line. How do I do that? The idea is to be able to alert all users before a maintenance takes place, which would prevent them to log to the Search Head and eventually get that from the UI messages function. Thank you very much.
Thank you! I realized that I need to filter out the users that has access to the particular search head that I need to take into maintenance. How could I filter by the AD groups that the users belongs to? We assing the user to a group named G_, so if I could match the security group with the search head hostname, I could send the email only to the people that has access to it.