Adaptive Response Action Send email not sending results
We made a clean installation of on-prem Splunk Enterprise 8.0.9 and Enterprise Security 6.4.0. When a correlation search returns results, we would like to append these results to an email via the adaptive response action "Send Email". We had selected the option to include an inline table, but regardless of this setting, the table with results is still not added to the email.
There are two additional findings we discovered:
- If we try to append the results of a standard alert search (non-correlation search) to an email, it works.
- If we set sendresults = 1 in $SPLUNK_HOME/etc/system/local/alert_actions.conf it also works but not for all correlation searches...
Has anybody encountered such problems and how did you solve it?
I am also facing this problem. Does anyone have a solution to this problem yet?
Made a report to Splunk > Fixed in ES 6.6.0
Workaround: open your alert in "Searches, Reports & Alerts" and save it again. Then it should work.
Thank you so much, it worked for me!
Did you get a solution for this?
We are seeing the same thing.
I did some tests and it looks like the following option is not set in savedsearches.conf:
action.email.sendresults = 1
It is always 0 (and doesn't send anything), whatever you select.
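
An added example, not code from any poster in this thread: a check that lists saved searches configured to email an inline table while `action.email.sendresults` is 0 or unset, which is the symptom described above. The stanza names and the sample configuration are constructed, and the script assumes correlation searches carry `action.correlationsearch.enabled = 1` and that the email action is enabled through `action.email` or the `actions` list.

```python
import re

def parse_conf(text):
    """Parse Splunk .conf text into {stanza: {key: value}}, joining '\\' continuations."""
    stanzas, current, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):            # value continues on the next line
            pending = line[:-1] + "\n"
            continue
        if not line or line.startswith("#"):
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = stanzas.setdefault(header.group(1), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return stanzas

def is_true(value):
    return str(value).strip().lower() in {"1", "true"}

def email_without_results(text):
    """Return (search name, is_correlation_search) for searches that email an
    inline table but have action.email.sendresults at 0 or missing."""
    flagged = []
    for name, s in parse_conf(text).items():
        actions = {a.strip() for a in s.get("actions", "").split(",")}
        emails = is_true(s.get("action.email")) or "email" in actions
        inline = is_true(s.get("action.email.inline"))
        if emails and inline and not is_true(s.get("action.email.sendresults")):
            flagged.append((name, is_true(s.get("action.correlationsearch.enabled"))))
    return flagged

# Constructed sample in savedsearches.conf syntax (not taken from a real system).
SAMPLE = r"""
[Threat - Constructed Rule A - Rule]
action.correlationsearch.enabled = 1
action.email = 1
action.email.inline = 1
action.email.sendresults = 0
search = index=main sourcetype=constructed \
    | stats count by src

[Constructed Standard Alert]
action.email = 1
action.email.inline = 1
action.email.sendresults = 1

[Access - Constructed Rule B - Rule]
action.correlationsearch.enabled = 1
actions = email, notable
action.email.inline = 1
"""

if __name__ == "__main__":
    for name, is_cs in email_without_results(SAMPLE):
        print(f"{name}: sendresults off (correlation search: {is_cs})")
```

Settings are layered across apps and `default`/`local` directories, so feed the function the merged output of `splunk btool savedsearches list` rather than a single file.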
