Knowledge Management

Workflow Action - Can I use Mailto?

Matthias_BY
Communicator

Hello,

i want to allow my people to mail an event in a custom format to other people out of splunk manually.

so i'm looking for a way to involve the workflow action for event types. i tried to use like:

mailto:test@test.com?subject="ALARM-Stufe_Rot_$host$?body=Hello_that_is_body_test_with_clientip_$clientip$

this does not work. the workflow does only appear if a URL is included...

does someone know how i can work around this? copy into clipboard would also work, but i think with the MailTo it might be easier.

br
matthias

Labels (1)
Tags (1)
0 Karma
2 Solutions

rturk
Builder

I think you're going to have trouble launching an external email client from a workflow action because the only possible actions are GET, POST, and launching another Splunk search based on the returned results.

Both the GET & POST actions require a target URL, so unless you have a web-based email client that will allow you to invoke a new email by a URL, I think you're out of luck.

Happy to be proved wrong though!

Ref: http://docs.splunk.com/Documentation/Splunk/5.0.4/Knowledge/CreateworkflowactionsinSplunkWeb

View solution in original post

0 Karma

MuS
SplunkTrust
SplunkTrust

Just did a quick check and did setup a workflow with a POST URI mailto://anyEmail@SomeCompany.com and if I select the workflow, the default email client opens up with an email.....

although the email address looks strange in the mail (it includes the // ), I was able to test and add $_raw$ to the body of the email.

It looks like it is possible somehow....

View solution in original post

haraksin
Path Finder

You can also solve this using the sendemail command in a search-type workflow action:

| sendemail to=$owner@my.url$ subject="New Notable in: $title$" message="How are you guys doing? This has src $src$ dest $dest$ and severity $urgency$"

aakwah
Builder

I believe this should be the answer of the question as non of the other solutions worked for Splunk ES version 7.

sendemail - Splunk Documentation

0 Karma

timpacl
Path Finder

I am doing this in a workflow. It is as simple as setting the link using mailto protocol (ie. mailto:me@work.com?Subject=Time to go home). mailto is a valid link format and so can be used. Open link in current window to avoid opening a blank tab in the browser. You can embed fields ($host$, $_raw$, etc).

0 Karma

MuS
SplunkTrust
SplunkTrust

Just did a quick check and did setup a workflow with a POST URI mailto://anyEmail@SomeCompany.com and if I select the workflow, the default email client opens up with an email.....

although the email address looks strange in the mail (it includes the // ), I was able to test and add $_raw$ to the body of the email.

It looks like it is possible somehow....

MuS
SplunkTrust
SplunkTrust

Converted my comment to an answer, so you could accept it 😉 cheers, MuS

0 Karma

Matthias_BY
Communicator

Thanks - that looks good. but even the // is bad within the mail client... i think the best workaround is to forward via workflow action a a small wepage with PHP content and add the content as values and then with a few lines of php code display everything and launch the mail client from there.

0 Karma

rturk
Builder

I think you're going to have trouble launching an external email client from a workflow action because the only possible actions are GET, POST, and launching another Splunk search based on the returned results.

Both the GET & POST actions require a target URL, so unless you have a web-based email client that will allow you to invoke a new email by a URL, I think you're out of luck.

Happy to be proved wrong though!

Ref: http://docs.splunk.com/Documentation/Splunk/5.0.4/Knowledge/CreateworkflowactionsinSplunkWeb

0 Karma

Matthias_BY
Communicator

Hi RT,

i'm looking to launch a email client with predefinied subject and body. so they have the chance to edit it and then send it out.

0 Karma

rturk
Builder

Hi Matthias,

Are you looking to send an email immediately after selecting the workflow link, or are you looking to launch a email client with the subject & body pre-filled for sending? I'm guessing the former, but thought I'd ask.

RT

0 Karma
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

Splunk is officially part of Cisco

Revolutionizing how our customers build resilience across their entire digital footprint.   Splunk ...

Splunk APM & RUM | Planned Maintenance March 26 - March 28, 2024

There will be planned maintenance for Splunk APM and RUM between March 26, 2024 and March 28, 2024 as ...