Reporting

Take csv outputs from multiple searches and send in email

rlautman
Path Finder

I have 4 separate searches that run nightly and each produces a csv output which is sent via email - is it possible to take each of these separate csvs and, keeping them as separate files, send them together in one email?

0 Karma
1 Solution

kristian_kolb
Ultra Champion

I guess that you could do it via a script (even independent of splunk) that runs at, say 06.00, and picks the four files as attachments (since the filenames/paths are known).

View solution in original post

yannK
Splunk Employee
Splunk Employee

you could outputcsv the 4 results, then have a 5th search that append all the csv togethers and email the result.

example with 2 searches generating a unique csv per search : (erasing the previous day result eachtime)

<mysearch1> | table fieldA fieldB | outputcsv resultsearch1.csv

<mysearch2> | table fieldA fieldB | outputcsv resultsearch2.csv

then the alert regrouping all the results (to be scheduled to run after)

|inputcsv resultsearch1.csv | append [ inputscsv resultsearch2.csv ] | table fieldA field B

rlautman
Path Finder

Thanks YannK - I had considered this but each csv must remain separate as each is showing different results

0 Karma

rlautman
Path Finder

Thanks, I was quite sure this would be the solution - I just wanted to check if there was a way I could do it using a scheduled search. Can you put your comment as an answer and I will considered the question answered? Thanks for the quick reply 🙂

0 Karma

kristian_kolb
Ultra Champion

I guess that you could do it via a script (even independent of splunk) that runs at, say 06.00, and picks the four files as attachments (since the filenames/paths are known).

Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...