Reporting
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Send emails to users based on different condtions

c_krishna_gutur
Explorer
‎02-13-2017 09:03 PM

Hello Everyone, there is a requirement in which i need to send emails to different groups based on conditions, i heard that i can solve it by using scripts, as i am novice to splunk can anyone provide me sample example to achieve this. Even it is more helpful if you provide the script in .js file.
Thanks in Advance.

Tags (1)
0 Karma
Reply

nickhills
Ultra Champion
‎02-14-2017 04:26 AM

You could use a scripted alert to achive this, but there are some hoops to jump through.

You will need to write a script to parse the fields sent with the 8th alert argument. You can then based on these values take a different action (destination address) based on the result.

There is a good example here using a python wrapper to do something similar
https://answers.splunk.com/answers/149836/how-to-run-an-alert-script-on-field-values-generated-in-sp...

If my comment helps, please give it a thumbs up!
0 Karma
Reply

martin_mueller
SplunkTrust
SplunkTrust
‎02-14-2017 04:26 AM

Here's a crude approach:

base search yielding a field range | eval recipient = case(range<=30, "groupa@example.com", range<=50, "groupb@example.com", true(), "groupc@example.com")

Then configure the alert's email to field to be $result.recipient$. The email will then be sent to the value of the recipient field in the first result row.

Once you're happy with the basic functionality you should consider moving the list of recipients out to macros or lookups in order to not have to touch many alerts when an email or range changes.

Reply

nickhills
Ultra Champion
‎02-14-2017 01:15 AM

what do you mean "conditions"?

If you can isolate each "condition" into a seperate alert, you dont need to use scripts at all - simply configure each alert to email the relevent team.

There may be a cases (i can think of a few) where this would be less ideal, but perhaps you can give us some examples of what the data/conditions are in your use case.

If my comment helps, please give it a thumbs up!
0 Karma
Reply

c_krishna_gutur
Explorer
‎02-14-2017 04:13 AM

Thanks for the reply nick.
Lets consider that i have range of marks that is from 10-30, 31-50,51-100, i need to send emails to 3 different groups based on the range of marks, all the above range of marks resulted in single query. If the marks range is 10-30 email has to trigger to A group, if the marks range is between 31-50 email has to trigger to B group else C group,

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey

Can’t make it to .conf25? Join us online!

Watch Global Broadcast
Get Updates on the Splunk Community!

Community Content Calendar, September edition

Welcome to another insightful post from our Community Content Calendar! We're thrilled to continue bringing ...

Splunkbase Unveils New App Listing Management Public Preview

Splunkbase Unveils New App Listing Management Public PreviewWe're thrilled to announce the public preview of ...

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Are you leveraging automation to its fullest potential in your threat detection strategy?Our upcoming Security ...