Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

sendemail. email averrable

gitingua
Communicator
‎10-18-2021 07:36 AM

on the output I get the result with users. the username is similar to the name of the mail. how do i call the username variable in the sendemail command 

usernameabcabc1abc2
John123
Smith312
Georgy231


| sendemail to="$username$@gmail.com" sendresults=true subject="Test sub" message="message"

error 
command="sendemail", {u'@gmail.com': (501, '5.1.3 Invalid address')} while sending mail to: @gmail.com

in the output, the variable takes the username, gets everyone's name and sends a message to everyone

And is it possible to make everyone get only their own line of output?

Thanks !!!

0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
‎10-18-2021 07:53 AM

You probably can get around it but I would advise against doing it this way.

Firstly, you can't just use one "| sendemail" do spawn several email sending processes. For that you'd have to do some fancy "| map" thing. Secondly, sending emails to dynamicaly generated addresses... well, that's risky. Are you 100% sure your addresses are all right?

So yes, you can use "| map" to generate a separate sendemail command for each results row but I'd advise you to either write own alert action or give the idea up completely and think of another way to do that.

0 Karma
Reply

gitingua
Communicator
‎10-18-2021 08:17 AM

@PickleRick Yes. I'm sure the names are the same as the email address. how to write an application correctly. write please?
I tried to write "| eval email = $username$."@gmail.com"" the address comes out almost, but the command "| sendemail to = $email$" does not accept for some reason

0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
‎10-19-2021 12:53 AM

As I said earlier - if you just pipe results of a search to a sendemail command, you'll just issue one command for the whole set of results. I suppose it's not what you want. You want to launch separate sendemail for each row of result set.

That's what map command is for. If you're really sure you know what you're doing, use that command to spawn |sendemail for each row of your result set but that's a very ugly idea. Especially if you have many rows in your result set.

0 Karma
Reply

gitingua
Communicator
‎10-19-2021 02:45 AM

@PickleRick OK. I heard you. but you can somehow pass the created variable "email". to the "to" part of the "sendemail" command? without sending the result? something like this | sendemail to=$email$ message="Test messages to users". ? It does not see "$email$" in this format

0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
‎10-19-2021 06:37 AM

Have you checked how the map command works? Templating parameters is its core functionality. Oh, and in your case you'd probably not want to send all results, just create a predefined (possibly templated) email contents.

0 Karma
Reply
Get Updates on the Splunk Community!

Routing logs with Splunk OTel Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...

Welcome to the Splunk Community!

(view in My Videos) We're so glad you're here! The Splunk Community is place to connect, learn, give back, and ...

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM

Elevating Digital Service Excellence: The Synergy of Real User Monitoring and Application Performance ...