Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Read a lookup and for each field send a email.

gl_splunkuser
Path Finder
‎03-23-2021 11:27 AM

Hello everyone, 

I have a situation, I would like to read a lookup and for each field that match with a search criteria, send a email.

For example: I have the lookup mails.csv and if I find something like this 

Emailsend 
test1@gmail.comNO
test2@gmail.comNO

 

So I would like to send a email for each field in the column send with the word "NO" and after that change the state to "Yes".

I have this search, 

| inputlookup append=t mails.csv
| search send = NO
| eval email_subj= subject
| eval body = email_subj
| eval email_to ="desk@xxx.xx" 
| table  email_subj, email_to, body
| sendresults    --- >>>>At this point, just send the first result that found
[search lookup cm.csv | fields subject| rename subject As email_subj
| eval send= "YES"
| eval asunto=email_subj
| table asunto, sender , send]
| outputlookup cm.csv --- >>>> Change the value in any field with the word NO and delete the others

 

 

Thanks in advance.

Labels (3)
Labels
0 Karma
Reply
Get Updates on the Splunk Community!

Index This | When is October more than just the tenth month?

October 2025 Edition  Hayyy Splunk Education Enthusiasts and the Eternally Curious!   We’re back with this ...

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

What’s New & Next in Splunk SOAR

 Security teams today are dealing with more alerts, more tools, and more pressure than ever.  Join us for an ...