Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Edit CSV file sent through sendemail command

Poojitha
Path Finder
‎12-19-2023 03:18 AM

Hi All,

I am trying to send email using sendemail command with csv as an attachment . Email is getting sent successfully but file is getting named as "unknown-<date_time>". I want to rename this file. Please let me know how we are doing this.

| sendemail
      sendresults=true format=csv
      to=\"$email$\"
      graceful=false
      message="This is a test email"
      subject="Test Email Check"

Also , message and subject is getting truncated. I am getting message body as "This" and Subject as "Test".
Please help me to know what is going wrong.

Help on :
Renaming the csv file.
How to avoid message body and subject getting truncated.

I really appreciate your help on this

Regards,
PNV

Labels (1)
Labels
0 Karma
Reply

Esky73
Builder
‎02-26-2024 07:52 PM

Came looking for an answer to this as well - seems there has been an idea for this for some time now ..

https://ideas.splunk.com/ideas/EID-I-717 

0 Karma
Reply

Poojitha
Path Finder
‎01-05-2024 12:11 PM

@bpick  : I am seeing come inconsistency. Once the SPL worked where subject and email body were added as I specified . But sometimes it is not working.
Email is getting sent . 

Internal logs show subject and email body as empty 😞

0 Karma
Reply

Poojitha
Path Finder
‎01-05-2024 12:09 PM

@isoutamo  This is how my SPL looks like. Alert is created to run on weekly basis

< my initial search here>
| table hostname owner version 
| outputcsv test.csv
| stats values(owner) as email
| mvexpand email 
| eval subject="Test Alert" ,email_body= "This is test email body"
| map  search="|inputcsv test.csv | where owner=\"$email$\" |
 sendemail sendcsv=true to=\"$email$\" subject=\"$subject$\" message="\$email_body$\""

I created subject and email_body using eval and using in sendemail.

0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
‎01-05-2024 06:17 AM

First thing to verify would be to check your _internal logs for the sendemail.py activity and see whether it reports sending the email with the full subject (you won't see the message contents in the log) or truncated one. This way you'll know if it's something between Splunk and the sendemail.py script or is it something in sendemail.py/between it and your email server.

0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎01-05-2024 06:12 AM

Hi

this should work as expected and documented. Only thing is what you have on $email$ and where you have set it? And where you are calling this partially SPL?

I suppose that this csv file prefix is fixed and you cannot change it?

r. Ismo

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the Splunk Community Dashboard Challenge!

Welcome to Splunk Community Dashboard Challenge! This is your chance to showcase your skills in creating ...

Get the T-shirt to Prove You Survived Splunk University Bootcamp

As if Splunk University, in Las Vegas, in-person, with three days of bootcamps and labs weren’t enough, now ...

Wondering How to Build Resiliency in the Cloud?

IT leaders are choosing Splunk Cloud as an ideal cloud transformation platform to drive business resilience,  ...