Reporting
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

email "To" list from search results

rv6abob
Engager
‎09-30-2010 05:55 PM

Any way to make a scheduled searches "To" list be a result field from a search?

Tags (2)
0 Karma
Reply

Lowell
Super Champion
‎09-30-2010 07:17 PM

I tried some other "tricks" but nothing seemed acceptable. I'm fairly confident you could do something like this using map. Something like:

 <email lookup search> | stats values(email) as to | eval to=mvjoin(to, ",") | map search=" <the real search> | sendemail to=\"$to$\""`

But that gets pretty ugly really quick (especially if you have many double quotes), and there are other limitations too.

I think the only real answer is to make your own email sending search command that can be told to use some sort of field substitution within the "to" field. Which admittedly would be nice and I could that that being helpful for other fields too, like the subject line.

If you want to go down that road, be sure to check out the existing sendemail search command. You can find the existing code here: $SPLUNK_HOME/etc/apps/search/bin/sendemail.py It's probably a better idea to copy this instead of modifying the existing one since it will be overwritten by any splunk upgrades.

Reply
Get Updates on the Splunk Community!

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...

Introducing the 2024 Splunk MVPs!

We are excited to announce the 2024 cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...