Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Can you help me figure out this error I'm getting with a search using the sendemail command?

vumanhtai
Path Finder
‎02-12-2019 01:05 AM

Hi Splunk Team!

I have a query as shown below:

my search | outputlookup emailspam.csv | sendemail  from= server=  subject=Alert message="text"  to=[|inputlookup emailspam.csv]

In general, my search prints all the result emails to file "emailspam.csv", and later on, I use this file as the receiving addresses. However, after running this query, I got an error : 

command="sendemail", {} while sending mail to

I know the issue comes from " to=[|inputlookup emailspam.csv]"

I want to send all emails in file emailspam.csv

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

DMohn
Motivator
‎02-12-2019 02:20 AM

Assuming your CSV contains a list of email adresses, you have to convert this to a comma-separated string of recipients.

Try the following:

my search | outputlookup emailspam.csv | sendemail from= server= subject=Alert message="text" [|inputlookup emailspam.csv | mvcombine email| eval to=mvjoin(email,", ") | return to]

This assumes you have one field in your CVS named email. Change the command if needed.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

DMohn
Motivator
‎02-12-2019 02:20 AM

Assuming your CSV contains a list of email adresses, you have to convert this to a comma-separated string of recipients.

Try the following:

my search | outputlookup emailspam.csv | sendemail from= server= subject=Alert message="text" [|inputlookup emailspam.csv | mvcombine email| eval to=mvjoin(email,", ") | return to]

This assumes you have one field in your CVS named email. Change the command if needed.

0 Karma
Reply
Solved! Jump to solution

vumanhtai
Path Finder
‎02-12-2019 05:37 AM

thank DMohn!

0 Karma
Reply
Solved! Jump to solution

DMohn
Motivator
‎02-12-2019 02:05 AM

Can you post an example of your |inputlookup output, e.g. how the CSV file looks like?

0 Karma
Reply
Solved! Jump to solution

vumanhtai
Path Finder
‎02-12-2019 05:18 AM

Hi DMohn!
file emailspam.csv:
from
email1
email2
email3
email4

0 Karma
Reply
Solved! Jump to solution

DMohn
Motivator
‎02-12-2019 05:30 AM

In that case you can use the query I stated in the answer below, just replace the email field with from

0 Karma
Reply
Get Updates on the Splunk Community!

Adoption of RUM and APM at Splunk

    Unleash the power of Splunk Observability   Watch Now In this can't miss Tech Talk! The Splunk Growth ...

Routing logs with Splunk OTel Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...

Welcome to the Splunk Community!

(view in My Videos) We're so glad you're here! The Splunk Community is place to connect, learn, give back, and ...