Reporting
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Sendemail command

andrey2007
Contributor
‎03-06-2014 02:29 AM

I use sendemail command in scheduled search which runs every 5 minutes .
search looks like
index=myindex user=* | table user host source| sendemail.py to="me@company.com" subject="SPLUNK alert" sendresults=true server=1.1.1.1

Even there are no results i receive message with text "No results".

Is it possible to exclude such messages?

Tags (2)
0 Karma
Reply

martin_mueller
SplunkTrust
SplunkTrust
‎03-06-2014 02:37 AM

You could change your search to a regular alert and remove the sendemail command from the search. Then you get features such as filtering for number of results > 0 through the alert configuration.

Reply

andrey2007
Contributor
‎03-07-2014 04:55 AM

Yes I had to choose this way and now i am modifying sendemail.py in search app.

0 Karma
Reply

martin_mueller
SplunkTrust
SplunkTrust
‎03-07-2014 04:34 AM

Yup, those are hardcoded into the sendemail command. You can copy that python file and add your own command to splunk, say "mysendemail", and use that in alert_actions.conf. In there you can change how you'd like your mails to look.

0 Karma
Reply

andrey2007
Contributor
‎03-07-2014 04:02 AM

But i will get alert name, link to results and etc. even if i turn off pdf delivery and include inline results(

0 Karma
Reply

martin_mueller
SplunkTrust
SplunkTrust
‎03-07-2014 02:14 AM

Turn off PDF delivery then, you won't get an empty graph anymore.

0 Karma
Reply

andrey2007
Contributor
‎03-07-2014 01:38 AM

yes, it is pdf attachment. My main goal is to get only table without message headers(alert name, link to results and etc.)

0 Karma
Reply

martin_mueller
SplunkTrust
SplunkTrust
‎03-06-2014 12:15 PM

Is that delivered as a PDF attachment?

0 Karma
Reply

andrey2007
Contributor
‎03-06-2014 03:13 AM

something like result of chart command execution but it is empty and has legend with specified field names which I used in my search (user host source).

0 Karma
Reply

martin_mueller
SplunkTrust
SplunkTrust
‎03-06-2014 02:52 AM

What do you mean by empty graph above it?

0 Karma
Reply

andrey2007
Contributor
‎03-06-2014 02:47 AM

Sure but when I make it i receive on email table with my results and empty graph above it. I do not know where does this graph originates from? So I tried sendemail command.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

After a whole week of being on call, you fell asleep on your keyboard, and you hit a sequence of buttons that ...

SplunkTrust Application Period is Officially OPEN!

It's that time, folks! The application/nomination period for the 2026-2027 SplunkTrust is officially open. If ...