If you really do need to test from a shell, enable debug logging as previously noted, and then from the shell (Bash in this example) on the Splunk host, run:

# this script assumes your management port is 8089
$SPLUNK_HOME/bin/splunk login
$SPLUNK_HOME/bin/splunk cmd python $SPLUNK_HOME/etc/apps/search/bin/sendemail.py 'to="test@example.com" subject="Test Message"' << EOF
authString:$(echo -n $(cat ~/.splunk/authToken_splunk_8089))
sessionKey:$(echo -n $(sed -re 's/.*<sessionkey>(.*)<\/sessionkey>.*/\1/' ~/.splunk/authToken_splunk_8089))
owner:$(echo -n $(sed -re 's/.*<username>(.*)<\/username>.*/\1/' ~/.splunk/authToken_splunk_8089))
namespace:search
sid:
_time,_raw
"1713023419","This is the first event/row."
"1713023420","This is the second event/row."
EOF
$SPLUNK_HOME/bin/splunk logout

Note that the empty line between sid: and _time is mandatory. The empty line indicates to Intersplunk that CSV formatted search results follow. The setting:value entries before the empty line represent the Intersplunk header.

sendemail.py makes several Splunk REST API calls and requires a session key and app context to work correctly. The Splunk login command will create a new session and cache your username, session key, etc. in ~/.splunk/authToken_splunk_8089. The Splunk logout command will invalidate the session and remove ~/.splunk/authToken_splunk_8089.
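
The Intersplunk input described above, assembled by a reusable shell function instead of an inline here-document (an added example, not part of the original answer and not Splunk's code). The function names are hypothetical, the owner-only permission check on the cached token file is an added precaution, and the token file is assumed to be single-line XML with `<username>` and `<sessionkey>` elements, as the sed expressions above imply.

```shell
#!/usr/bin/env bash
# Added example. Usage, between "splunk login" and "splunk logout":
#   build_intersplunk_input ~/.splunk/authToken_splunk_8089 < results.csv |
#     $SPLUNK_HOME/bin/splunk cmd python \
#       $SPLUNK_HOME/etc/apps/search/bin/sendemail.py 'to="test@example.com" subject="Test Message"'

# Print the text inside <TAG>...</TAG> from a single-line token file.
xml_field() {  # usage: xml_field FILE TAG
  sed -n -E "s/.*<$2>(.*)<\/$2>.*/\1/p" "$1" | head -n 1
}

# Write the Intersplunk input to stdout: the setting:value header, the
# mandatory empty line, then the CSV search results read from stdin.
build_intersplunk_input() {  # usage: build_intersplunk_input TOKEN_FILE [NAMESPACE]
  local token_file="$1" namespace="${2:-search}" key owner
  [ -r "$token_file" ] || {
    echo "no cached session: run 'splunk login' first" >&2; return 1; }
  # Added precaution (assumption): the file holds a live session key, so
  # refuse to use it if group or others have any permission bits set.
  if [ "$(ls -ld "$token_file" | cut -c5-10)" != "------" ]; then
    echo "refusing $token_file: accessible by group or others" >&2; return 2
  fi
  key=$(xml_field "$token_file" sessionkey)
  owner=$(xml_field "$token_file" username)
  [ -n "$key" ] && [ -n "$owner" ] || {
    echo "token file lacks sessionkey or username" >&2; return 3; }
  # authString carries the whole token file on one line, as in the answer.
  printf 'authString:%s\n' "$(tr -d '\n' < "$token_file")"
  printf 'sessionKey:%s\nowner:%s\nnamespace:%s\nsid:\n\n' \
    "$key" "$owner" "$namespace"
  cat   # CSV rows (_time,_raw ...) follow the empty line unchanged
}

# Print the line number of the first empty line, i.e. where the header ends.
header_end_line() { awk '$0 == "" { print NR; exit }'; }
```

Piping the output through `header_end_line` before handing it to sendemail.py confirms the header/CSV separator is in place without echoing the session key to the terminal.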