Hi flie,
As given in the docs http://docs.splunk.com/Documentation/Splunk/6.2.1/SearchReference/Sendemail, you can send emails to multiple recipients like this:
Example 1: Send search results in table format with the subject "myresults".
... | sendemail to="elvis@splunk.com,john@splunk.com" format=raw subject=myresults server=mail.splunk.com sendresults=true
Based on your provided search example, you should add some eval before the sendemail command so it's concatenating all found mail values. Take a look at this run-everywhere command:
index=_internal | stats values(source) AS mySource | eval otherList=mvjoin(mySource, ", ") | table source, mySource, otherList
otherList would be your to= field for the sendemail command.
So this untested search should work:
search <something>
| ldapfilter domain=domainname search="(sAMAccountName=$user$)" attrs="DisplayName,title,givenName,sn,mail"
| eventstats values(to) AS myTo | eval to=mvjoin(myTo, ", ")
| sendemail server=localhost subject="Mail subject" message="Hallo $result.givenName$,
Some mail text"
Adapt it to your needs if it's not working right from the start.
cheers, MuS