Solved: Re: A loop to mail individual events to different ...

decoherence · ‎10-25-2013

I have a simple search similar to this

host=ccirc.example.com | table email malware | sort email | uniq

which gives me results like this

freddy@example.com zeroconf
jimbob@example.com conficker
jamesdean@example.com citadel
marthastewart@example.com zeus

Is it possible for me to iterate through each line and send a boilerplate email to the address in the fist field, basically saying "you are infected with $virus"?

I should also note that the source file for this search is generated by a script once a day, so you don't see individual lines coming in 'real time.'

Any insights are much appreciated!

yannK · ‎10-25-2013

This functionality doesn't exist.
But you can create your own scripted alert that will create the emails after parsing the results.

see http://docs.splunk.com/Documentation/Splunk/6.0/Alert/Configuringscriptedalerts

View solution in original post

yannK · ‎10-25-2013

by the way nice reference to the quantic transient state.
http://en.wikipedia.org/wiki/Quantum_decoherence

yannK · ‎10-25-2013

This functionality doesn't exist.
But you can create your own scripted alert that will create the emails after parsing the results.

see http://docs.splunk.com/Documentation/Splunk/6.0/Alert/Configuringscriptedalerts

decoherence · ‎10-29-2013

Thanks for pointing me in the right direction!

A loop to mail individual events to different addresses

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!