Solved: emailing saved searches without csv attachment

voxel · ‎05-03-2010

is there any way i can configure a saved search that will send me the results, but rather than attaching the results as a CSV attachment, put the raw log with the search results inline inside the email?

id like to look at the emailed alerts via email on my blackberry without opening/downloading csv files.

the_wolverine · ‎09-13-2010

If you don't want inline results on a system-wide basis, you can configure results to be included inline by adding the following setting to a particular saved search (in saved searches.conf):

action.email.inline = 1

Obviously this requires access to the filesystem. I've filed an ER to make this a configurable option from the UI.

View solution in original post

the_wolverine · ‎09-13-2010

If you don't want inline results on a system-wide basis, you can configure results to be included inline by adding the following setting to a particular saved search (in saved searches.conf):

action.email.inline = 1

Obviously this requires access to the filesystem. I've filed an ER to make this a configurable option from the UI.

Simeon · ‎05-03-2010

There is an "inline" parameter in alert_actions.conf:

inline = <true | false>
    * Specify whether the search results are contained in the body of the alert email.
    * Defaults to false.

See more detail here:

http://www.splunk.com/base/Documentation/latest/Admin/Alertactionsconf

emailing saved searches without csv attachment

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!