Knowledge Management

Workflow Action - Mailto

Matthias_BY
Communicator

Hello,

i want to allow my people to mail an event in a custom format to other people out of splunk manually.

so i'm looking for a way to involve the workflow action for event types. i tried to use like:

mailto:test@test.com?subject="ALARM-Stufe_Rot_$host$?body=Hello_that_is_body_test_with_clientip_$clientip$

this does not work. the workflow does only appear if a URL is included...

does someone know how i can work around this? copy into clipboard would also work, but i think with the MailTo it might be easier.

br
matthias

Tags (1)
0 Karma
2 Solutions

rturk
Builder

I think you're going to have trouble launching an external email client from a workflow action because the only possible actions are GET, POST, and launching another Splunk search based on the returned results.

Both the GET & POST actions require a target URL, so unless you have a web-based email client that will allow you to invoke a new email by a URL, I think you're out of luck.

Happy to be proved wrong though!

Ref: http://docs.splunk.com/Documentation/Splunk/5.0.4/Knowledge/CreateworkflowactionsinSplunkWeb

View solution in original post

0 Karma

MuS
SplunkTrust
SplunkTrust

Just did a quick check and did setup a workflow with a POST URI mailto://anyEmail@SomeCompany.com and if I select the workflow, the default email client opens up with an email.....

although the email address looks strange in the mail (it includes the // ), I was able to test and add $_raw$ to the body of the email.

It looks like it is possible somehow....

View solution in original post

haraksin
Path Finder

You can also solve this using the sendemail command in a search-type workflow action:

| sendemail to=$owner@my.url$ subject="New Notable in: $title$" message="How are you guys doing? This has src $src$ dest $dest$ and severity $urgency$"
0 Karma

timpacl
Path Finder

I am doing this in a workflow. It is as simple as setting the link using mailto protocol (ie. mailto:me@work.com?Subject=Time to go home). mailto is a valid link format and so can be used. Open link in current window to avoid opening a blank tab in the browser. You can embed fields ($host$, $_raw$, etc).

0 Karma

MuS
SplunkTrust
SplunkTrust

Just did a quick check and did setup a workflow with a POST URI mailto://anyEmail@SomeCompany.com and if I select the workflow, the default email client opens up with an email.....

although the email address looks strange in the mail (it includes the // ), I was able to test and add $_raw$ to the body of the email.

It looks like it is possible somehow....

MuS
SplunkTrust
SplunkTrust

Converted my comment to an answer, so you could accept it 😉 cheers, MuS

0 Karma

Matthias_BY
Communicator

Thanks - that looks good. but even the // is bad within the mail client... i think the best workaround is to forward via workflow action a a small wepage with PHP content and add the content as values and then with a few lines of php code display everything and launch the mail client from there.

0 Karma

rturk
Builder

I think you're going to have trouble launching an external email client from a workflow action because the only possible actions are GET, POST, and launching another Splunk search based on the returned results.

Both the GET & POST actions require a target URL, so unless you have a web-based email client that will allow you to invoke a new email by a URL, I think you're out of luck.

Happy to be proved wrong though!

Ref: http://docs.splunk.com/Documentation/Splunk/5.0.4/Knowledge/CreateworkflowactionsinSplunkWeb

0 Karma

Matthias_BY
Communicator

Hi RT,

i'm looking to launch a email client with predefinied subject and body. so they have the chance to edit it and then send it out.

0 Karma

rturk
Builder

Hi Matthias,

Are you looking to send an email immediately after selecting the workflow link, or are you looking to launch a email client with the subject & body pre-filled for sending? I'm guessing the former, but thought I'd ask.

RT

0 Karma
Get Updates on the Splunk Community!

Testing out the OpenTelemetry Collector With raw Data

This blog post is part of an ongoing series on OpenTelemetry. The OpenTelemetry project is the second largest ...

New Cloud Intrusion Detection System Add-on for Splunk

In July 2022 Splunk released the Cloud IDS add-on which expanded Splunk capabilities in security and data ...

Happy CX Day to our Community Superheroes!

Happy 10th Birthday CX Day!What is CX Day? It’s a global celebration recognizing innovation and success in the ...