Splunk Search

How can I send emails to the email addresses in search results, with a defined mail body?

Dayalss
Engager

Hi,

I have an SPL query which identifies users based on particular criteria.

I want to notify them by sending an email directly from Splunk.

How can I do this, i.e., have Splunk pick the email address from the search results and send an email, and how can I specify the email body in Splunk with links?

0 Karma

PickleRick
SplunkTrust

The default way of sending an email from Splunk is using the sendemail command. Alternatively, you can use the sendresults app - https://splunkbase.splunk.com/app/1794

I'm not sure, however, if any of those let you send an HTML body including links and so on. That's not a very good idea in the first place, especially if you wanted to create such an email body dynamically based on event contents.

What is your use case anyway? Why would you want to send emails directly from Splunk search?

0 Karma

Dayalss
Engager

My use case is to notify users who have crossed certain metrics and alert them to take action on it.

So, instead of manually pulling the list and sending emails, I wanted to use Splunk to do that, as we are getting that data in Splunk.

Moreover, the email subject remains the same for all and it's not dynamic.

0 Karma

PickleRick
SplunkTrust

So probably the sendemail app will be what you need. Just be careful not to generate too much spam with a badly written search 🙂

0 Karma

Dayalss
Engager

Is there any other option than using an app?

0 Karma

PickleRick
SplunkTrust

OK, let me rephrase that. If you mean "I'm an ordinary user and can't install apps, can I send emails?" then the answer is most probably "no". Theoretically, you probably could use the sendemail command (with some clever "looping" over search results with map) but you will most probably _not_ have the privilege to use that command.

0 Karma
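The "looping" over results with map and sendemail mentioned in the last reply could look like the search below. This is an added example, not part of the original thread: the first three lines build constructed sample rows standing in for the poster's own search, and the field name `email`, the addresses, the subject and the link are assumptions. It only works for a role that is allowed to run sendemail.

```spl
| makeresults count=2 ```constructed sample rows; replace these three lines with your own search```
| streamstats count AS n
| eval email=case(n=1, "user1@example.invalid", n=2, "user2@example.invalid")
| dedup email ```at most one mail per address, however many events matched```
| head 20 ```hard cap on recipients in case the base search matches too much```
| map maxsearches=20 search="| makeresults | sendemail to=\"$email$\" subject=\"Action required: metric threshold exceeded\" message=\"You have crossed a monitored threshold. Details: https://example.invalid/metrics\" sendresults=false"
```

The body is a fixed plain-text string with a static link, so nothing from the event contents ends up in the mail, and `head` together with `maxsearches` bounds how many messages a badly written search can send.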