I have created an alert that generates a report in tabular form and sends the rows of results to individuals dynamically based on the value in a particular field. However, I also need the entire set of results to be sent to a group irrespective of the result set. When I hardcode the group in the cc mail as per the information on Splunkbase, the entire result set doesn't get sent to the cc'ed group in a single email; instead, it is sent to the group as individual emails containing the result set for different individuals. Is it possible to send a single email containing the entire result set to a group while dynamically sending the respective rows of results to individual recipients at the same time?
My search looks like this:
|pivot ....| eval email_to='user_id'."@abc.com".",group@xyz.com"| sendresults ...
Also, I noticed that if there are multiple rows of results for one user id, say 3, then 3 result sets get sent to the individual in a single email, so I was wondering why the same is not happening with the cc'ed group, as it is specified as the recipient for all the rows of result sets.