Reporting

Mass emailing custom user reports?

rturk
Builder

Hello Splunkers!

A question I was asked recently was whether Splunk could be used to generate potentially thousands of custom emailed reports of things such as an individuals data/phone usage over any given month.

While I have no doubt that I could create a report detailing use for ALL users and export that to a CSV, creating individual reports and emailing them to said individuals seems to be on the outer fringes of what you'd want/expect Splunk to do.

Any thoughts?

Tags (2)
0 Karma
1 Solution

amit_saxena
Communicator

Hi,

This technically seems feasible however as I don't have the data with me, I can't try it out and confirm.

Right now, you have records for "n" users spread over overall "m" rows. Use search commands to manipulate the search output in such a way that all the rows corresponding to a specific user is listed and concatenated in one line instead of multiple lines. In other words, use search commands to do a "group by" on the output on the basis of the users. Once this is done, you will have one row ( having concatenated records ) for each user.

Now, create an alarm action to call any script which will be called on each individual row. Since the record text is available as the contents of the environment variable, you have the text that needs to be incorporated in the body of the email with in your script. After this, all you have to do is to send an email.

Let me know if this works for you.

Regards,
Amit Saxena

Regards,
Amit Saxena

View solution in original post

0 Karma

amit_saxena
Communicator

Hi,

This technically seems feasible however as I don't have the data with me, I can't try it out and confirm.

Right now, you have records for "n" users spread over overall "m" rows. Use search commands to manipulate the search output in such a way that all the rows corresponding to a specific user is listed and concatenated in one line instead of multiple lines. In other words, use search commands to do a "group by" on the output on the basis of the users. Once this is done, you will have one row ( having concatenated records ) for each user.

Now, create an alarm action to call any script which will be called on each individual row. Since the record text is available as the contents of the environment variable, you have the text that needs to be incorporated in the body of the email with in your script. After this, all you have to do is to send an email.

Let me know if this works for you.

Regards,
Amit Saxena

Regards,
Amit Saxena

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...