Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About garujoey
garujoey
Engager
Member since:
05-10-2018
06-05-2020
Community Statistics
| Posts | 9 |
| Solutions | 0 |
| Karma Given | 1 |
| Karma Received | 0 |
| Member Since | 05-10-2018 |
Activity Feed
- Karma Re: How to send mail to the user in one mail if the values are combined? for xpac. 06-05-2020 12:49 AM
- Posted Re: Is it possible to send mail only when the result is larger than 0? on Alerting. 05-25-2018 12:38 AM
- Posted Is it possible to send mail only when the result is larger than 0? on Alerting. 05-24-2018 07:51 PM
- Tagged Is it possible to send mail only when the result is larger than 0? on Alerting. 05-24-2018 07:51 PM
- Posted Re: How to send mail to the user in one mail if the values are combined? on Splunk Search. 05-24-2018 03:51 AM
- Posted Re: How to send mail to the user in one mail if the values are combined? on Splunk Search. 05-24-2018 03:27 AM
- Posted Re: How to send mail to the user in one mail if the values are combined? on Splunk Search. 05-24-2018 02:54 AM
- Posted Re: How to send mail to the user in one mail if the values are combined? on Splunk Search. 05-24-2018 02:01 AM
- Posted How to send mail to the user in one mail if the values are combined? on Splunk Search. 05-24-2018 01:55 AM
- Tagged How to send mail to the user in one mail if the values are combined? on Splunk Search. 05-24-2018 01:55 AM
- Tagged How to send mail to the user in one mail if the values are combined? on Splunk Search. 05-24-2018 01:55 AM
- Tagged How to send mail to the user in one mail if the values are combined? on Splunk Search. 05-24-2018 01:55 AM
- Posted Re: How to rex multiple lines on Splunk Search. 05-10-2018 07:14 PM
- Posted How to rex multiple lines on Splunk Search. 05-10-2018 03:39 AM
- Tagged How to rex multiple lines on Splunk Search. 05-10-2018 03:39 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 |
05-25-2018
12:38 AM
Thanks niketnilay, I was using option1 before, but since I need to send mail to those who are in the search results, while it looks like option1 only support the pre defined recipients.
So I used below way in the search, and run it as hourly.
| eventstats values(username) as recipients values(FULL_NAME) as _FULL_NAME
| eval _recipients=mvjoin(_recipients, ",")
| sendemail to=$result._recipients
By using your option2 suggestion, actually there are some entries over 5 counts, but it doesn't send out mail.
No results found.
... View more
05-24-2018
07:51 PM
...
| where count>10
| sendemail to=xxx from=xxx
I am using where count > 10 to sort out the count that is larger than 10 sessions and will send mails to those guys.
However, the problem is that the sendemail will run no matther if the search returns any results.
Is there a way to send mail only when "where count>10" really returns a result, if no results, just break the sendemail part?
... View more
- Tags:
- splunk-enterprise
05-24-2018
03:51 AM
Yes, I am going to only send one mail with multiple recipients to avoid too much duplicated mails.
:)
... View more
05-24-2018
03:27 AM
Thanks xpac, it works well!!!
I will setup an alert or report using this search query. However it will be a little different as what I setup it in the alert trigger threshold that if the result is over 1, Splunk will send mail out.
By using this way, looks like Splunk will send out even the result is 0, but I will try to figure that out.
... View more
05-24-2018
02:54 AM
Thanks xpac, it should be working, I remove the sendemail part to the test first, looks good.
But by adding | stats values(username) as recipients, the table will be changed as well.
Is there a way to keep below search result which I need to put it into the mail body?
No. username Site
1 a A
2 b B
... View more
05-24-2018
02:01 AM
missed some comments that if the vaules are comined, then I can send mail to them in one mail, in the to list, it is "a;b"
... View more
05-24-2018
01:55 AM
Hi There,
I'd like to send mails to the people from my search table, the table looks like below:
No. username Site
1 a A
2 b B
I tried to use command but it sent mail to the top user in the table instead of all them.
| eval recipients=mvjoin(username, ";") | nomv recipients | sendemail from=xxx to=$result.recipients$
I searched mvexpand, mvcombine, but no luck, would you share your suggestion please?
Thank you!
... View more
05-10-2018
07:14 PM
Thanks woodcock, I used "| rex max_match=0 field=_raw "(?)Dest : (?.*)" | table path" in the end, but your suggestion to use "max_match=0" really helps!
... View more
05-10-2018
03:39 AM
Hi there,
I am a newbie in Splunk and trying to do some search using the rex.
The log body is like:
blah blah
Dest : aaa
blah blah
Dest: bbb
blah blah
Dest: ccc
I searched online and used some command like ' rex field=_raw "(?s)Dest : (?.*)" ' or (?smi), but it wasn't what I wanted.
I need the output to only get the table like
aaa
bbb
ccc
Is there any way to do that?
Thank you very much in advance!
:)
... View more
- Tags:
- splunk-enterprise
