Security & the Enterprise

Send email notification/alert to different recipients based on search result

swathiadireddy
Loves-to-Learn Everything

Usually I specify the email recipients for the normal alerts like CPU usage...

But here I am trying to send the email to the users based on the search results.

Example: 

I already wrote a query to display the following results 

Name    Email              Title
XYZ     XYZ@gmail.com      Analyst
ABC     ABC@gmail.com      Manager
EFG     EFG@gmail.com      Application Developer
...
50,000 users ...

================================================================================

Based on the above results I am going to display the most recent user whose connection was closed recently by using a return command. 

Let's assume from the above results that ABC's connection was closed recently (let's say 6:15), so I would like to send an email alert to ABC with the message "ABC device connection is closed at 6:15". In the same way, each user in the organization should receive an email when their connection is closed, based on the query results.

Any ideas?

Has anyone tried similar alerts?


youngsuh
Path Finder

Do you have Splunk Phantom?

Are you looking for something native, out of the box?

Because you want to enumerate the emails based on the results, right?


swathiadireddy
Loves-to-Learn Everything

@youngsuh Thanks for your reply.

I don't have Splunk Phantom.

Yes, this alert should be sent to the user based on the results.

Have you tried anything similar?


youngsuh
Path Finder

No. Not in Splunk. I did it in Mulesoft. You need an orchestration tool to automate that workflow. Or write a Python script from the CSV. I have done something similar with AWS, using a bash script to email inventory.

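The "Python script from the CSV" route suggested above, worked through as an added example (this is not code from the thread, from Splunk, or from either poster). It assumes the search writes the fields Name, Email and closed_time, and it assumes the Splunk custom alert action contract in which the script is invoked with --execute and receives a JSON payload on stdin whose results_file points at the gzipped CSV of results; the sample rows are constructed. It collapses duplicate rows to the latest closure per address, drops rows without a usable recipient, and only hands messages to smtplib when dry_run is switched off.

```python
import csv
import gzip
import io
import json
import smtplib
import sys
from datetime import datetime
from email.message import EmailMessage

# Constructed sample of the search output. Field names Name, Email and
# closed_time are assumptions about the poster's query, not Splunk defaults.
SAMPLE_CSV = """Name,Email,Title,closed_time
XYZ,XYZ@gmail.com,Analyst,2023-01-01 06:05:00
ABC,ABC@gmail.com,Manager,2023-01-01 06:15:00
ABC,ABC@gmail.com,Manager,2023-01-01 05:50:00
EFG,EFG@gmail.com,Application Developer,2023-01-01 06:10:00
"""


def sample_rows():
    """Parse the constructed sample into dict rows, as csv.DictReader yields them."""
    return list(csv.DictReader(io.StringIO(SAMPLE_CSV)))


def read_results(path):
    """Read an alert results file; Splunk gzips it, but accept plain CSV too."""
    opener = gzip.open if path.endswith(".gz") else open
    with opener(path, "rt", newline="") as fh:
        return list(csv.DictReader(fh))


def latest_closure_per_recipient(rows):
    """Return {email: {"name": ..., "ts": datetime}} keeping the newest closure per address."""
    latest = {}
    for row in rows:
        email = row.get("Email", "").strip().lower()
        if "@" not in email:
            continue  # no usable recipient, skip instead of mailing a bad address
        ts = datetime.strptime(row["closed_time"], "%Y-%m-%d %H:%M:%S")
        if email not in latest or ts > latest[email]["ts"]:
            latest[email] = {"name": row["Name"], "ts": ts}
    return latest


def build_messages(rows, sender="splunk-alerts@example.com"):
    """One EmailMessage per recipient, body phrased as the question describes."""
    msgs = []
    for email, info in sorted(latest_closure_per_recipient(rows).items()):
        msg = EmailMessage()
        msg["From"] = sender
        msg["To"] = email
        msg["Subject"] = f"{info['name']} device connection closed"
        msg.set_content(f"{info['name']} device connection is closed at {info['ts']:%H:%M}")
        msgs.append(msg)
    return msgs


def send_all(msgs, host="localhost", port=25, dry_run=True):
    """Deliver via SMTP unless dry_run; returns the number of messages handled."""
    if not dry_run:
        with smtplib.SMTP(host, port) as smtp:
            for m in msgs:
                smtp.send_message(m)
    return len(msgs)


def main():
    # Assumed alert action contract: Splunk runs `script --execute` and passes a
    # JSON payload on stdin; payload["results_file"] is the gzipped results CSV.
    if len(sys.argv) > 1 and sys.argv[1] == "--execute":
        rows = read_results(json.load(sys.stdin)["results_file"])
    else:
        rows = sample_rows()  # offline run against the constructed sample
    msgs = build_messages(rows)
    for m in msgs:
        print(m["To"], "->", m.get_content().strip())
    send_all(msgs, dry_run=True)


if __name__ == "__main__":
    main()
```

Run without arguments it prints the three messages it would send from the sample; installed as a custom alert action it reads the real results file instead. Keeping the per-address collapse in latest_closure_per_recipient is what stops a user with several closed connections in one search window from receiving several near-identical mails.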

swathiadireddy
Loves-to-Learn Everything

@youngsuh Thanks for your response.

I am looking more for a similar scenario in Splunk.
