Hi team,
I have search results with CUID is the email(I will append my company domain to CUID, so that mail will go to person) and attached the sample result for the same .How to send the individual emails for all the users along with server name.
I have used send mail command , but it is sending only one mail to the user appear in the first result. I need to send mail to all the users that appears in the list.
Please help me on this.
This is from another Q&A:
https://answers.splunk.com/answers/399434/send-emailed-results-to-an-email-address-in-the-re.html#an...
If you need to send a contextually-appropriate subset of results to some people, you can skip the configuration-based email settings and do this in SPL:
... | outputcsv TempFile.csv
| stats values(Email_Address) AS emailToHeader | mvexpand emailToHeader
| map search ="|inputcsv TempFile.csv | where Email_Addresss=\"$emailToHeader$\"
| fields - Email_Address
| sendemail
sendresults=true inline=true
server=\"Your.Value.Here\"
from=\"Your.Value.Here\"
to=\"$emailToHeader$\"
subject=\"Your Subject here: \$name\$\"
message=\"This report alert was generated by \$app\$ Splunk with this search string: \$search\$\""
| where comment="MakeSureNoEventsRemail"
| append [|inputcsv TempFile.csv]
It's pretty simple, don't even need to use map command. Just enable send email alert action and in to: field set $result.email$ (email - depend upon your field name in Splunk result) and select trigger "for each result". Email will be send to the respective email address for each line of result.
You can use the map command along with the sendemail command, like this
your current search with all the fields mentioned in the screenshot
| map maxsearch=1000 search="| gentimes start=-1 | eval HOSTNM=\"$HOSTNM$\" |..other fields | sendmail to=\"$CUID$\" ..."
Did you try the map command?,
Look at below answer
https://answers.splunk.com/answers/627366/sending-emails-to-users-that-appear-in-search-resu.html