Sendemail using Python SDK

sunilsk1 · ‎08-27-2013

I am trying to run the following search using Splunk python sdk. It returns the results but does not send the EMAIL as it does if i run the same search using the Splunk UI.

searchquery_normal = 'search * earliest="8/26/2013:23:40:00"  latest="8/26/2013:23:55:00" index=os  host=* sourcetype=cpu | lookup chipot fqdn as host | search application_name="New App*" AND physical_environment_name="Production*" AND state="LIVE"| multikv fields pctUser,pctSystem,pctIowait,pctIdle,application_name | search all |eval cpu=100-pctIdle|stats avg(cpu) by host,application_name|rename avg(cpu) as cpualert|where cpualert >20|sort "application_name"|sendemail to="myemailid@domain.com" format=html subject=ALERT_CPU_sentfromPython  sendresults=true'

jkat54 · ‎11-26-2018

What app context are you executing the search with in both scenarios? Alert_actions.conf can be app specific so that one app uses one mail server and settings yet another app can use a different mail server and settings.

So if you have your email configured via alert_actions in yourAppName but you’re executing search from servicesNS/-/- or etc... this could be the cause for the descrepancy.

Sendemail using Python SDK

Unlock Database Monitoring with Splunk Observability Cloud

Purpose in Action: How Splunk Is Helping Power an Inclusive Future for All

[Upcoming Webinar] Demo Day: Transforming IT Operations with Splunk

Join the Conversation

Sendemail using Python SDK

Unlock Database Monitoring with Splunk Observability Cloud

Purpose in Action: How Splunk Is Helping Power an Inclusive Future for All

[Upcoming Webinar] Demo Day: Transforming IT Operations with Splunk