Pretty new to Splunk and looking for advice.
I’ve tried reviewing subsearches, map and foreach looping but I just can’t crack the syntax.
I have two indexes, one that stores computer hostname, ip, and a tag for a contact email.
The other index is scan data regarding missing patches by ip

Index=hostnames 
Hostname     ip_address Contact
Hostname1  192.x.x.1     Email1
Hostname2  192.x.x.2     Email2
Hostname3  192.x.x.3     Email3
Hostname4  192.x.x.4     Email4
Hostname5  192.x.x.5     Email2
Hostname6  192.x.x.6     Email3

Index=scandata
Ip             scanfindingname    scanfindingdescription
192.x.x.4   java-blah                   java-blah
192.x.x.2   java-blah                   java-blah
192.x.x.2   java-blah2                 java-blah2 

I have figured out how to get the search with a join ip to ip_address to display a table with a stats count hostname, ip, and contact email to show the hostname and total amount of findings.

Table where Contact=Email2:
Hostname       IP                   Contact       Count
Hostname2     192.x.x.2           Email2         2
Hostname5     192.x.x.5           Email2         1

I cannot figure out how to create an automated email for each email address from the hostnames index.
It's essentially 3 queries.

1. Get list of email addresses from contact field in hostname index (dedup contact) [Email1, Email2, Email3]
2. Find Scan data by ip and grab the hostname and total found by hostname where contact = $Email$
3. Email table to $Email$ Any advice is appreciated.