Hello all,
I have a query that is locating users that are logging in to our exchange server. I have an alert set up that sends the username to a static e-mail address.
I would like to make that static e-mail address dynamic based on the results pulled from the table.
i.e.: index=exchange these_terms_here --> yields --> johndoe@google.com
Instead of alerting ME that johndoe@google.com has logged in, I want to alert johndoe@google.com that he has logged in.
I was thinking that Splunk uses Splunk Alert: $name$, so I could just call my field from the search results $email$, but that appears to be local to the create alert function.
Other than a Python script, thoughts? I will do it w/ Python if there are no local-to-Splunk options. Thanks!
The basic alerting doesn't allow dynamic email destination.
If you want to go this way, use scripted alerts, and write a script that :
see http://docs.splunk.com/Documentation/Splunk/4.3.3/admin/ConfigureScriptedAlerts
Did you ever create a script to do this? Willing to share?
Splunk says you can upload just scripts to their site.. maybe here?
Built something useful with Splunk? Want to share it?
Why not package it into an app and upload it?
Uploads don't have to be complex. Even one useful script, saved search, or view can help others in the Splunk Community!
Yes, I did create a script to do this. After some trial and error, it is working. I will find a way to share this.
6 yrs later, I have the same problem. Does someone have a script they can share?
Hi
FYI, we did it with the following SPL request :
| inputlookup lookup_FILTER_EMAIL.csv
| map search="search index=xxx
| search filter=$FILTER$
| eval mail=$EMAIL$
| sendemail to=\"$EMAIL$\" subject=\"test $FILTER$\" sendresults=false sendcsv=true " maxsearches=20
sendresults would also handle this scenario
Hi,
Were you able to share the script somewhere ?
Rgds
Dan
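An added example, not a script posted by anyone in this thread: a minimal legacy scripted-alert handler in Python that mails each user found in the search results. It relies on the scripted-alert argument positions (4 = saved search name, 8 = path to the gzipped results CSV); the field name, allowed domain, sender and SMTP host are assumptions. Because the address comes from log data, it is checked against a strict pattern and a domain allowlist before it goes into a mail header.

```python
import csv, gzip, re, smtplib, sys
from email.message import EmailMessage

# Assumptions (not from the thread): adjust to your environment.
EMAIL_FIELD = "email"                  # result field that holds the address
ALLOWED_DOMAINS = {"example.com"}      # only notify users in these domains
SENDER = "splunk-alerts@example.com"
SMTP_HOST = "localhost"
ADDR_RE = re.compile(r"[a-z0-9._%+-]+@([a-z0-9.-]+)")

def recipients_from_results(path):
    """Return unique, validated addresses from Splunk's results .csv.gz file."""
    found = []
    with gzip.open(path, "rt", newline="") as fh:
        for row in csv.DictReader(fh):
            addr = (row.get(EMAIL_FIELD) or "").strip().lower()
            m = ADDR_RE.fullmatch(addr)
            # fullmatch rejects CR/LF and spaces, so a crafted value in the
            # logs cannot smuggle extra headers or recipients into the mail.
            if m and m.group(1) in ALLOWED_DOMAINS and addr not in found:
                found.append(addr)
    return found

def build_message(addr, search_name):
    """Build one notification addressed to a single validated recipient."""
    msg = EmailMessage()
    msg["From"] = SENDER
    msg["To"] = addr
    msg["Subject"] = "Splunk Alert: " + search_name
    msg.set_content("A login to the Exchange server was recorded for %s." % addr)
    return msg

def main(argv):
    if len(argv) < 9:
        sys.exit("expected scripted-alert arguments from Splunk")
    search_name, results_path = argv[4], argv[8]
    recipients = recipients_from_results(results_path)
    if not recipients:
        return
    with smtplib.SMTP(SMTP_HOST) as smtp:
        for addr in recipients:
            smtp.send_message(build_message(addr, search_name))

if __name__ == "__main__":
    main(sys.argv)
```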