Hi, I have a requirement of combining multiple independent searches into a single Excel/CSV file and scheduling a single email for sending the results.
Can anyone help me out please?
You can use some combination of the following commands (read the dox and make a decision): inputcsv, outputcsv, loadjob, savesearch, sendemail.
Thanks for your response, but I missed a point where I want all the results to be in separate tabs.
Impossible with native Splunk but there may be something like this on Splunkbase (I doubt it).
Thanks Woodcock for your help.
Schedule your multiple independent searches and update the lookup for each search using | outputlookup [append=true]. Then have another search scheduled at a slightly later point in time to read from this lookup and email the results.
There is another solution where you can club all your independent searches into one search using append. You might run into subsearch limit issues this way.
search1 | append [search search2]
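The first approach in the answer above (scheduled searches writing to one lookup, then a later scheduled search that emails it), written as a savedsearches.conf fragment; this is an added example, not something posted in the thread. Stanza names, indexes, the lookup file name and the email address are placeholders, and the `report` column is an assumption added so rows from each search can be told apart in the single CSV.

```ini
# Constructed example: every name, index and address below is a placeholder.

# 02:00 - the first search overwrites the lookup (no append=true),
# so each daily run starts from an empty file instead of growing forever.
[combined_report_part1]
search = index=web_example status>=500 | stats count BY host | eval report="web_errors" | outputlookup combined_report.csv
dispatch.earliest_time = -24h
dispatch.latest_time = now
enableSched = 1
cron_schedule = 0 2 * * *

# 02:10 - every later search appends to the same lookup.
# Both searches emit the same columns (host, count, report) so the rows line up.
[combined_report_part2]
search = index=auth_example action=failure | stats count BY host | eval report="auth_failures" | outputlookup append=true combined_report.csv
dispatch.earliest_time = -24h
dispatch.latest_time = now
enableSched = 1
cron_schedule = 10 2 * * *

# 02:30 - scheduled after the writers have finished: read the lookup
# and send it as one CSV attachment.
[combined_report_email]
search = | inputlookup combined_report.csv | sort report, host
enableSched = 1
cron_schedule = 30 2 * * *
action.email = 1
action.email.to = reports@example.com
action.email.subject = Combined daily report
action.email.sendresults = 1
action.email.sendcsv = 1
```

The gap between the cron schedules has to be longer than the slowest writer search, otherwise the email goes out with partial results.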
Thanks for your response, but I missed a point where I want all the results to be in separate tabs.