Splunk Enterprise
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to create a search based on search results using command 'sendemail'?

gl_splunkuser
Path Finder
‎06-22-2020 05:09 PM

Hello, I am using Splunk enterprise 7.3.5.

I would like to send an email, using the command sendemail, but I would like to create it based on a search result, so I am trying:

 

eventtype = myeventype | table message_subject, sender_address |sendemail sendresults=true inline=true from=$sender_address$ subject=$message_subject$ to=myemail

 

Where

message_subject and sender_address, are fields of the search. 

But when I received the email, looks like- (see the attached image)

Basically, the parameters are not working, I received the email without any of those parameters set.

 

email_bySplunk.PNG

How can I fix that?

Tags (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

gjanders
SplunkTrust
SplunkTrust
‎06-22-2020 09:37 PM

SendResults

Would likely be a good fit...

-
Alerts for Splunk Admins, Version Control for Splunk, Decrypt2 VersionControl For SplunkCloud
0 Karma
Reply
Solved! Jump to solution

gl_splunkuser
Path Finder
‎06-23-2020 09:22 AM

Sendresults as I read don't have the feature to set parameters in the value - sender: The sender (from) address of the emails - requires quotes. Defaults to Splunk SMTP sender setting. The same sender is used for all emails sent and not customizable on a per-email basis. - 

And I need to set that value as a parameter.

 

Thanks for your help. 

Tags (1)
0 Karma
Reply
Solved! Jump to solution

gjanders
SplunkTrust
SplunkTrust
‎06-23-2020 10:46 PM

Quoting the details page of sendresults app from SplunkBase:

"The Search Command version of Sendresults supports the following syntax and optional arguments:

sendresults [sender=string] [subject=string] [body=string] [footer=string] [maxrcpts=int] [msgstyle=string] [format_columns=string] [bcc=string] [showresults=boolean] [showemail=boolean] [showsubj=boolean] [showbody=boolean] [showfooter=boolean]

sender: The sender (from) address of the emails - requires quotes. Defaults to Splunk SMTP sender setting. The same sender is used for all emails sent and not customizable on a per-email basis."

-
Alerts for Splunk Admins, Version Control for Splunk, Decrypt2 VersionControl For SplunkCloud
Reply
Solved! Jump to solution

gl_splunkuser
Path Finder
‎06-23-2020 11:49 AM

I used the app sendresults, works pretty well, but I modify the sendresults.py to have the capability to use the sender as a parameter.

Code:

sender = event['sender']

And sent it as a parameter of sendemail function. 

Thanks for the suggestion @gjanders 

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...

What’s New in Splunk Observability – September 2025

What's NewWe are excited to announce the latest enhancements to Splunk Observability, designed to help ITOps ...

Fun with Regular Expression - multiples of nine

Fun with Regular Expression - multiples of nineThis challenge was first posted on Slack #regex channel ...