Solved: Re: Take csv outputs from multiple searches and se...

rlautman · ‎05-17-2013

I have 4 separate searches that run nightly and each produces a csv output which is sent via email - is it possible to take each of these separate csvs and, keeping them as separate files, send them together in one email?

kristian_kolb · ‎05-17-2013

I guess that you could do it via a script (even independent of splunk) that runs at, say 06.00, and picks the four files as attachments (since the filenames/paths are known).

View solution in original post

yannK · ‎05-17-2013

you could outputcsv the 4 results, then have a 5th search that append all the csv togethers and email the result.

example with 2 searches generating a unique csv per search : (erasing the previous day result eachtime)

<mysearch1> | table fieldA fieldB | outputcsv resultsearch1.csv

<mysearch2> | table fieldA fieldB | outputcsv resultsearch2.csv

then the alert regrouping all the results (to be scheduled to run after)

|inputcsv resultsearch1.csv | append [ inputscsv resultsearch2.csv ] | table fieldA field B

rlautman · ‎05-24-2013

Thanks YannK - I had considered this but each csv must remain separate as each is showing different results

rlautman · ‎05-17-2013

Thanks, I was quite sure this would be the solution - I just wanted to check if there was a way I could do it using a scheduled search. Can you put your comment as an answer and I will considered the question answered? Thanks for the quick reply 🙂

kristian_kolb · ‎05-17-2013

I guess that you could do it via a script (even independent of splunk) that runs at, say 06.00, and picks the four files as attachments (since the filenames/paths are known).

Take csv outputs from multiple searches and send in email

.conf24 | Day 0

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

Troubleshooting the OpenTelemetry Collector