How to change name of attachments in email alert a...

Melnikovin · ‎10-31-2015

Hi.

In Splunk 6.2 in alerts with email action, all CSV Attachments have a name like "splunk_results.csv" by default. After installation of 6.3, the default name was changed to $name$ token(name of alert).
If I use Russian language in the alert name, I got something like this in half of cases:
"п║п©п╦я│п╬п╨п╫п╬п╡я▀я┘я┐я│я┌п╟п╫п╬п╡п╬п╨_п╥п╟п©я-2015-10-20.csv"

So how can I rename the name of the attached CSV file?

stephane_cyrill · ‎10-31-2015

Hi, you can modify the default splunk python script, as this is the script that actually send the emails. It resides in:
$SPLUNK_HOME/etc/apps/search/bin/sendemail.py . To rename the attached csv name , rename the default filename (
filename = "splunk-results.csv")
I advice you to see this:

https://answers.splunk.com/answers/2641/how-do-i-customize-scheduled-search-alert-emails.html

Melnikovin · ‎11-01-2015

Thank you. I wiil try.

How to change name of attachments in email alert action in Splunk 6.3?

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!

Splunk Custom Visualizations App End of Life