Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Unable to sendmail to multiple recipients

ibob0304
Communicator
‎06-12-2017 09:48 AM

Unable to send email to multiple people. How to send to multiple email recipients ?

index="customscripts" sourcetype="email"
|rex field=_raw "Timestamp:\s(?<Timestamp>.+)" 
|rex field=_raw "Application:\s(?<Application>.+)" 
|rex field=_raw "File\sLast\sModified:\s(?<File_Last_Modified>.+)" 
|eval hen ="test1@domain.com,test2@domain.com" |nomv hen 
|table Application, File_Last_Modified
|sendemail to=$hen$ format=table subject="web access log test"  message="Test" sendresults=true inline=true content_type=html
0 Karma
Reply

woodcock
Esteemed Legend
‎06-12-2017 05:11 PM

I tested this and it works:

| makeresults 
| eval hen ="email1, email2" 
| eval increment_me_for_each_test=1
| sendemail to=$result.hen$ format=table subject="web access log test" message="Test" sendresults=true inline=true content_type=html
0 Karma
Reply

somesoni2
Revered Legend
‎06-12-2017 10:13 AM

Use like this

...current search before sendemail command
|sendemail to="$result.hen$" ....rest...
0 Karma
Reply

ibob0304
Communicator
‎06-12-2017 10:23 AM

but that gives additional column hen (with all the recipients) in the output email. I tried yours and got 3 column's output. Application, File_Last_Modified, hen (list of recipients ). I tried fields - hen but it doesn't work.

0 Karma
Reply

ibob0304
Communicator
‎06-12-2017 10:33 AM

is it possible to remove the list of recipients (hen column) from the output ?

0 Karma
Reply

somesoni2
Revered Legend
‎06-12-2017 11:56 AM

I don't think we can with above method. Try this less efficient workaround.

index="customscripts" sourcetype="email"
 |rex field=_raw "Timestamp:\s(?<Timestamp>.+)" 
 |rex field=_raw "Application:\s(?<Application>.+)" 
 |rex field=_raw "File\sLast\sModified:\s(?<File_Last_Modified>.+)" 
 |eval hen ="test1@domain.com,test2@domain.com" |nomv hen 
 |table hen Application, File_Last_Modified
| map maxsearches=100 search="| gentimes start=-1 | eval Application="$Application$" | eval File_Last_Modified="$File_Last_Modified$" |sendemail to=$hen$ format=table subject="web access log test"  message="Test" sendresults=true inline=true content_type=html "

|sendemail to=$hen$ format=table subject="web access log test" message="Test" sendresults=true inline=true content_type=html

0 Karma
Reply
Get Updates on the Splunk Community!

Modern way of developing distributed application using OTel

Recently, I had the opportunity to work on a complex microservice using Spring boot and Quarkus to develop a ...

Enterprise Security Content Update (ESCU) | New Releases

Last month, the Splunk Threat Research Team had 3 releases of new security content via the Enterprise Security ...

Archived Metrics Now Available for APAC and EMEA realms

We’re excited to announce the launch of Archived Metrics in Splunk Infrastructure Monitoring for our customers ...