Hi,
I have an SPL query which identifies users based on particular criteria.
I want to notify them by sending an email directly from Splunk.
How can I do this, i.e., have Splunk pick the email address from the search results and send an email, and how can I specify the email body in Splunk with links?
The default way of sending an email from Splunk is using the sendemail command. Alternatively, you can use the sendresults app - https://splunkbase.splunk.com/app/1794
I'm not sure, however, if any of those let you send an HTML body including links and so on. That's not a very good idea in the first place, especially if you wanted to create such an email body dynamically based on event contents.
What is your use case anyway? Why would you want to send emails directly from Splunk search?
My use case is to notify users who have crossed certain metrics and alert them to action on it.
So, instead of manually pulling the list and sending emails, I wanted to use Splunk to do that, as we are getting that data in Splunk.
And moreover, the email subject remains the same for all and it's not dynamic.
So probably the sendemail app will be what you need. Just be careful not to generate too much spam with a badly written search.
Is there any other option than using an app?
OK, let me rephrase that. If you mean "I'm an ordinary user and can't install apps, can I send emails?" then the answer is most probably "no". Theoretically, you probably could use the sendemail command (with some clever "looping" over search results with map) but you will most probably _not_ have the privilege to use that command.