- Splunk Answers
- :
- Using Splunk
- :
- Reporting
- :
- Possible to override "sendemail"?
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Possible to override "sendemail"?
I tried to create a customized version of sendemail.py and named it "sendemail2.py"
As I know normally we should be able to override a search command by a copy of commands.conf in $SPLUNK_HOME/etc/system/local/commands.conf or $SPLUNK_HOME/etc/system/local/commands.conf.
However, I've tried both locations still see Splunk looking for sendemail.py in default location $SPLUNK_HOME/etc/apps/search/bin/sendemail.py
Is there any workable way to create own version of sendemail without changing the original copy?
[sendemail]
filename = sendemail2.py
streaming = false
run_in_preview = false
passauth = true
required_fields =
changes_colorder = false
supports_rawargs = true
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
So you want to basically change the code that calls the sendemail.py routines... Hhmmmm I don't have access to all the information for a definitive answer, but I would assume that the routines calling upon sendemail.py might be (partially) hardcoded into the program and as such unchangeable.
Anyone from the development team reading this thread, feel free to chip in.! 🙂
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Probably I forgot to restart.
Now I can confirm having the commands.conf above can allow us to override the existing sendemail.py script.
Thanks!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Would is not be an option to save to original to a secondary (archive) location and then replace it with your customized version? If something goes wrong with you version, you could simply copy the original back from the archive, restart the services and it should be back up and running again...
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
That is an option (and done in the past) but does not answer my question above "Is there any workable way to create own version of sendemail without changing the original copy?" meaning sendemail.py
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Did you restart the splunk service? you should be able to use the customized version of Sendmail file.
Extending Observability Content to Splunk Cloud
More Control Over Your Monitoring Costs with Archived Metrics!
New in Observability Cloud - Explicit Bucket Histograms
