Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Unable to sendmail to multiple recipients

ibob0304
Communicator
‎06-12-2017 09:48 AM

Unable to send email to multiple people. How to send to multiple email recipients ?

index="customscripts" sourcetype="email"
|rex field=_raw "Timestamp:\s(?<Timestamp>.+)" 
|rex field=_raw "Application:\s(?<Application>.+)" 
|rex field=_raw "File\sLast\sModified:\s(?<File_Last_Modified>.+)" 
|eval hen ="test1@domain.com,test2@domain.com" |nomv hen 
|table Application, File_Last_Modified
|sendemail to=$hen$ format=table subject="web access log test"  message="Test" sendresults=true inline=true content_type=html
0 Karma
Reply

woodcock
Esteemed Legend
‎06-12-2017 05:11 PM

I tested this and it works:

| makeresults 
| eval hen ="email1, email2" 
| eval increment_me_for_each_test=1
| sendemail to=$result.hen$ format=table subject="web access log test" message="Test" sendresults=true inline=true content_type=html
0 Karma
Reply

somesoni2
Revered Legend
‎06-12-2017 10:13 AM

Use like this

...current search before sendemail command
|sendemail to="$result.hen$" ....rest...
0 Karma
Reply

ibob0304
Communicator
‎06-12-2017 10:23 AM

but that gives additional column hen (with all the recipients) in the output email. I tried yours and got 3 column's output. Application, File_Last_Modified, hen (list of recipients ). I tried fields - hen but it doesn't work.

0 Karma
Reply

ibob0304
Communicator
‎06-12-2017 10:33 AM

is it possible to remove the list of recipients (hen column) from the output ?

0 Karma
Reply

somesoni2
Revered Legend
‎06-12-2017 11:56 AM

I don't think we can with above method. Try this less efficient workaround.

index="customscripts" sourcetype="email"
 |rex field=_raw "Timestamp:\s(?<Timestamp>.+)" 
 |rex field=_raw "Application:\s(?<Application>.+)" 
 |rex field=_raw "File\sLast\sModified:\s(?<File_Last_Modified>.+)" 
 |eval hen ="test1@domain.com,test2@domain.com" |nomv hen 
 |table hen Application, File_Last_Modified
| map maxsearches=100 search="| gentimes start=-1 | eval Application="$Application$" | eval File_Last_Modified="$File_Last_Modified$" |sendemail to=$hen$ format=table subject="web access log test"  message="Test" sendresults=true inline=true content_type=html "

|sendemail to=$hen$ format=table subject="web access log test" message="Test" sendresults=true inline=true content_type=html

0 Karma
Reply
Get Updates on the Splunk Community!

Shape the Future of Splunk: Join the Product Research Lab!

Join the Splunk Product Research Lab and connect with us in the Slack channel #product-research-lab to get ...

Auto-Injector for Everything Else: Making OpenTelemetry Truly Universal

You might have seen Splunk’s recent announcement about donating the OpenTelemetry Injector to the ...

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...