Reporting
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Sendemail command

andrey2007
Contributor
‎03-06-2014 02:29 AM

I use sendemail command in scheduled search which runs every 5 minutes .
search looks like
index=myindex user=* | table user host source| sendemail.py to="me@company.com" subject="SPLUNK alert" sendresults=true server=1.1.1.1

Even there are no results i receive message with text "No results".

Is it possible to exclude such messages?

Tags (2)
0 Karma
Reply

martin_mueller
SplunkTrust
SplunkTrust
‎03-06-2014 02:37 AM

You could change your search to a regular alert and remove the sendemail command from the search. Then you get features such as filtering for number of results > 0 through the alert configuration.

Reply

andrey2007
Contributor
‎03-07-2014 04:55 AM

Yes I had to choose this way and now i am modifying sendemail.py in search app.

0 Karma
Reply

martin_mueller
SplunkTrust
SplunkTrust
‎03-07-2014 04:34 AM

Yup, those are hardcoded into the sendemail command. You can copy that python file and add your own command to splunk, say "mysendemail", and use that in alert_actions.conf. In there you can change how you'd like your mails to look.

0 Karma
Reply

andrey2007
Contributor
‎03-07-2014 04:02 AM

But i will get alert name, link to results and etc. even if i turn off pdf delivery and include inline results(

0 Karma
Reply

martin_mueller
SplunkTrust
SplunkTrust
‎03-07-2014 02:14 AM

Turn off PDF delivery then, you won't get an empty graph anymore.

0 Karma
Reply

andrey2007
Contributor
‎03-07-2014 01:38 AM

yes, it is pdf attachment. My main goal is to get only table without message headers(alert name, link to results and etc.)

0 Karma
Reply

martin_mueller
SplunkTrust
SplunkTrust
‎03-06-2014 12:15 PM

Is that delivered as a PDF attachment?

0 Karma
Reply

andrey2007
Contributor
‎03-06-2014 03:13 AM

something like result of chart command execution but it is empty and has legend with specified field names which I used in my search (user host source).

0 Karma
Reply

martin_mueller
SplunkTrust
SplunkTrust
‎03-06-2014 02:52 AM

What do you mean by empty graph above it?

0 Karma
Reply

andrey2007
Contributor
‎03-06-2014 02:47 AM

Sure but when I make it i receive on email table with my results and empty graph above it. I do not know where does this graph originates from? So I tried sendemail command.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Enterprise Security 8.0.2 Availability: On cloud and On-premise!

A few months ago, we released Splunk Enterprise Security 8.0 for our cloud customers. Today, we are excited to ...

Logs to Metrics

Logs and Metrics Logs are generally unstructured text or structured events emitted by applications and written ...

Developer Spotlight with Paul Stout

Welcome to our very first developer spotlight release series where we'll feature some awesome Splunk ...