cheers @ all splunker,
one more question of this topic. (How to get Splunk sendemail command to send multiple emails based on search results)
I read a lot of stuff & take a lot of time but without success.
why the following search sent only to TO Emailladress and the first Emailadress of searchresult.
the goal is that all email recipient from search got an email.
could please someone assit?
SplunkCore V6.3.1
Search:
sourcetype=Authenticator user="*" action=Authentication status=Success
| eval username =lower(user)
| stats latest(_time) as Login by username
| eval tnow =now()
| eval diff =tnow - Login
| convert ctime(Login)
| convert ctime(tnow)
| eval diff1 = strftime(diff,"%j")
| join [ inputlookup userauth.csv
| rename "# username" as username ]
| eval cc_all=mvjoin(email, ",")
| where diff1 > 90
| table "first name" "last name" Login username "email" "mobile number" "diff1" cc_all
| sort diff1
| sendemail to=$result.bcc$ cc=some@email.de format=html subject="short discription" from=other.e@mail.de priority=highest footer="text" server=smtp.1234.de sendresults=false
the table result as aspected, the cc_all field has a lot of emailadreses to sent
5/12/16 2:45:27.404 PM
2016-05-12 14:45:27,404 +0200 INFO sendemail:112 - Sending email. subject="short discription", results_link="None", recipients="[u'thxxog@cxxe.de', u'first@result.email.adresse']", server="smtp.1234.de"
source = /opt/splunk/var/log/splunk/python.log
thanks in advance
... View more
