I have a dashboard which I need to be emailed out as a PDF if a condition is true. I've tried using "Schedule PDF Delivery" but this only gives the option to send the dashboard as a PDF at a certain time.
Here's a basic example of what I'm looking for
| eval Send_PDF_Email=if(Error_Count>75,'Send_Email',"")
Where if the Error_Count
field is greater than 75, it will send the dashboard PDF email
I was able to create a solution to this problem!
First I have an alert with the conditional logic. Here's a very basic test alert
| makeresults
| eval count=5
| eval ALERT=if(count<6,"ALERT","")
| table ALERT
You should then set the trigger to custom
and search ALERT=ALERT
and set it to trigger the script
I then created it to run every 1 minute on a cron schedule. I then disabled the alert until it's ready to test
I then created a script which will be triggered by the alert. This script will first generate a PDF of the dashboard using cURL. It will then use mutt
to send the PDF from the command line. It will wait 10 seconds, then do some GC on the file system
#!/bin/bash
#This will generate a PDF file of the dashboard.
#This will be triggered by an alert
curl -u svc_acct:xxxxxx -k 'https://localhost:8089/services/pdfgen/render?input-dashboard=<dashboard_name>&namespace=search&paper-size=a4-landscape' >> /tmp/Report_Name.pdf
# This will email the report
mutt -s "Impact Report" -a /tmp/Impact_Report.pdf < /dev/null -- abc@abc.com
#This will wait 10 seconds before deleting the PDF file
sleep 10s
#This will remove the PDF file from the file system after its emailed
rm /tmp/Impact_Report.pdf
rm ~/sent
Then enable the alert and wait 1 minute and the email will appear with the dashboard attachment. You can then disable the alert so you don't get spammed.
I was able to create a solution to this problem!
First I have an alert with the conditional logic. Here's a very basic test alert
| makeresults
| eval count=5
| eval ALERT=if(count<6,"ALERT","")
| table ALERT
You should then set the trigger to custom
and search ALERT=ALERT
and set it to trigger the script
I then created it to run every 1 minute on a cron schedule. I then disabled the alert until it's ready to test
I then created a script which will be triggered by the alert. This script will first generate a PDF of the dashboard using cURL. It will then use mutt
to send the PDF from the command line. It will wait 10 seconds, then do some GC on the file system
#!/bin/bash
#This will generate a PDF file of the dashboard.
#This will be triggered by an alert
curl -u svc_acct:xxxxxx -k 'https://localhost:8089/services/pdfgen/render?input-dashboard=<dashboard_name>&namespace=search&paper-size=a4-landscape' >> /tmp/Report_Name.pdf
# This will email the report
mutt -s "Impact Report" -a /tmp/Impact_Report.pdf < /dev/null -- abc@abc.com
#This will wait 10 seconds before deleting the PDF file
sleep 10s
#This will remove the PDF file from the file system after its emailed
rm /tmp/Impact_Report.pdf
rm ~/sent
Then enable the alert and wait 1 minute and the email will appear with the dashboard attachment. You can then disable the alert so you don't get spammed.
I would consider using a correlation search to achieve this.
From the home page go to Configure > Content Management.
Click "Create New Content" and select "Correlation Search".
Name it however you want, and paste the dashboard search into the "Search" box.
Set your time window you want the search to look through. Set the Cron Schedule to run every X minutes/hours, where X is the length of the time window.
Set your Trigger Condition to be whatever your threshold is.
Go to the bottom and click "+ Add New Response Action" and select "Send email".
Enter your email address and make sure you select "Attach PDF" at the bottom of the gray box.
This will now send an email with the PDF attached containing the search results every X minutes/hours whenever the threshold is breached.
Is this in reference the Splunk ES?
Have a look at this workaround.
https://answers.splunk.com/answers/111602/trigger-a-pdf-via-the-command-line.html
I'm not understanding the PDF part. What does the stanza name represent? Where do I put my dashboard info which will be converted and emailed as a PDF?
So the PDF alert is basically a regular alert search with alert action as a script. You'd schedule a PDF delivery for your dashboard as usual, but after setting cron and other things, just un-schedule it. The script is basically running the search, without scheduling it.