Solved: Take csv outputs from multiple searches and send i...

rlautman · ‎05-17-2013

I have 4 separate searches that run nightly and each produces a csv output which is sent via email - is it possible to take each of these separate csvs and, keeping them as separate files, send them together in one email?

kristian_kolb · ‎05-17-2013

I guess that you could do it via a script (even independent of splunk) that runs at, say 06.00, and picks the four files as attachments (since the filenames/paths are known).

View solution in original post

yannK · ‎05-17-2013

you could outputcsv the 4 results, then have a 5th search that append all the csv togethers and email the result.

example with 2 searches generating a unique csv per search : (erasing the previous day result eachtime)

<mysearch1> | table fieldA fieldB | outputcsv resultsearch1.csv

<mysearch2> | table fieldA fieldB | outputcsv resultsearch2.csv

then the alert regrouping all the results (to be scheduled to run after)

|inputcsv resultsearch1.csv | append [ inputscsv resultsearch2.csv ] | table fieldA field B

rlautman · ‎05-24-2013

Thanks YannK - I had considered this but each csv must remain separate as each is showing different results

rlautman · ‎05-17-2013

Thanks, I was quite sure this would be the solution - I just wanted to check if there was a way I could do it using a scheduled search. Can you put your comment as an answer and I will considered the question answered? Thanks for the quick reply 🙂

kristian_kolb · ‎05-17-2013

I guess that you could do it via a script (even independent of splunk) that runs at, say 06.00, and picks the four files as attachments (since the filenames/paths are known).

Take csv outputs from multiple searches and send in email

Adoption of RUM and APM at Splunk

Routing logs with Splunk OTel Collector for Kubernetes

Welcome to the Splunk Community!