Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Unable to sendmail to multiple recipients

ibob0304
Communicator
‎06-12-2017 09:48 AM

Unable to send email to multiple people. How to send to multiple email recipients ?

index="customscripts" sourcetype="email"
|rex field=_raw "Timestamp:\s(?<Timestamp>.+)" 
|rex field=_raw "Application:\s(?<Application>.+)" 
|rex field=_raw "File\sLast\sModified:\s(?<File_Last_Modified>.+)" 
|eval hen ="test1@domain.com,test2@domain.com" |nomv hen 
|table Application, File_Last_Modified
|sendemail to=$hen$ format=table subject="web access log test"  message="Test" sendresults=true inline=true content_type=html
0 Karma
Reply

woodcock
Esteemed Legend
‎06-12-2017 05:11 PM

I tested this and it works:

| makeresults 
| eval hen ="email1, email2" 
| eval increment_me_for_each_test=1
| sendemail to=$result.hen$ format=table subject="web access log test" message="Test" sendresults=true inline=true content_type=html
0 Karma
Reply

somesoni2
Revered Legend
‎06-12-2017 10:13 AM

Use like this

...current search before sendemail command
|sendemail to="$result.hen$" ....rest...
0 Karma
Reply

ibob0304
Communicator
‎06-12-2017 10:23 AM

but that gives additional column hen (with all the recipients) in the output email. I tried yours and got 3 column's output. Application, File_Last_Modified, hen (list of recipients ). I tried fields - hen but it doesn't work.

0 Karma
Reply

ibob0304
Communicator
‎06-12-2017 10:33 AM

is it possible to remove the list of recipients (hen column) from the output ?

0 Karma
Reply

somesoni2
Revered Legend
‎06-12-2017 11:56 AM

I don't think we can with above method. Try this less efficient workaround.

index="customscripts" sourcetype="email"
 |rex field=_raw "Timestamp:\s(?<Timestamp>.+)" 
 |rex field=_raw "Application:\s(?<Application>.+)" 
 |rex field=_raw "File\sLast\sModified:\s(?<File_Last_Modified>.+)" 
 |eval hen ="test1@domain.com,test2@domain.com" |nomv hen 
 |table hen Application, File_Last_Modified
| map maxsearches=100 search="| gentimes start=-1 | eval Application="$Application$" | eval File_Last_Modified="$File_Last_Modified$" |sendemail to=$hen$ format=table subject="web access log test"  message="Test" sendresults=true inline=true content_type=html "

|sendemail to=$hen$ format=table subject="web access log test" message="Test" sendresults=true inline=true content_type=html

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Agent Mode Engaged! Enchaining Agentic Operations with Splunk AI Assistant 2.0

    Are you ready to transform how your team handles complex data requests? We invite you to our upcoming ...

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...