Mass emailing custom user reports?

rturk
Builder

Hello Splunkers!

A question I was asked recently was whether Splunk could be used to generate potentially thousands of custom emailed reports of things such as an individual's data/phone usage over any given month.

While I have no doubt that I could create a report detailing use for ALL users and export that to a CSV, creating individual reports and emailing them to said individuals seems to be on the outer fringes of what you'd want/expect Splunk to do.

Any thoughts?

amit_saxena
Communicator

Hi,

This technically seems feasible; however, as I don't have the data with me, I can't try it out and confirm.

Right now, you have records for "n" users spread over overall "m" rows. Use search commands to manipulate the search output in such a way that all the rows corresponding to a specific user are listed and concatenated in one line instead of multiple lines. In other words, use search commands to do a "group by" on the output on the basis of the users. Once this is done, you will have one row (having concatenated records) for each user.

Now, create an alarm action to call any script which will be called on each individual row. Since the record text is available as the contents of the environment variable, you have the text that needs to be incorporated in the body of the email within your script. After this, all you have to do is to send an email.

Let me know if this works for you.

Regards,
Amit Saxena
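
The approach in the answer above (one grouped row per user, then one email per row), as an added Python example that is not part of the original thread. It reads the grouped results as CSV text rather than through Splunk's alert-script interface; the column names, `ALLOWED_DOMAIN`, `SENDER` and the sample rows are assumptions constructed for illustration. Each message goes to exactly one validated recipient and carries only that user's row.

```python
import csv
import io
import re
from email.message import EmailMessage

ALLOWED_DOMAIN = "example.com"   # assumption: reports only go to this domain
SENDER = "reports@example.com"   # assumption: placeholder sender address
ADDR_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+")

# Constructed sample of grouped search output: one row per user.
# Column names (user, email, usage) are assumptions, not from the thread.
SAMPLE = '''user,email,usage
alice,alice@example.com,"data: 4.2 GB; calls: 312 min"
bob,bob@example.com,"data: 1.1 GB; calls: 95 min"
carol,carol@other.test,"data: 2.0 GB; calls: 40 min"
dave,"dave@example.com
x","data: 9.9 GB; calls: 7 min"
bob,bob@example.com,"data: 0.3 GB; calls: 2 min"
'''

def build_reports(csv_text, month):
    """Return (messages, rejected): one EmailMessage per valid user row."""
    messages, rejected, seen = [], [], set()
    for row in csv.DictReader(io.StringIO(csv_text, newline="")):
        user, addr = row["user"], row["email"]
        if user in seen:
            # A repeated user means the results were not grouped per user.
            rejected.append((user, "duplicate row"))
        elif not ADDR_RE.fullmatch(addr):
            # fullmatch rejects line breaks, so a field value cannot add headers.
            rejected.append((user, "malformed address"))
        elif addr.rsplit("@", 1)[1].lower() != ALLOWED_DOMAIN:
            rejected.append((user, "domain not allowed"))
        else:
            msg = EmailMessage()
            msg["From"] = SENDER
            msg["To"] = addr                      # exactly one recipient
            msg["Subject"] = f"Your usage report for {month}"
            msg.set_content(f"Hello {user},\n\n{row['usage']}\n")
            messages.append(msg)
        seen.add(user)
    return messages, rejected

if __name__ == "__main__":
    msgs, bad = build_reports(SAMPLE, "2024-03")
    for m in msgs:
        print(m["To"], "<-", m.get_content().strip().splitlines()[-1])
    for user, reason in bad:
        print("rejected:", user, reason)
```

Delivery is left out so the block runs offline; each returned message can be handed to `smtplib.SMTP(...).send_message()` with a site-specific mail host.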
