Alerting
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to set the search result as an email alert?

rck
New Member
‎02-06-2016 05:23 AM

How to set an email alert for the results of this search:

sourcetype="rum" u=*  |where t_done >10000

I tried as per the email setting procedure, but I did not get the email.
Please say the step-by-step procedure.

0 Karma
Reply

chimell
Motivator
‎02-08-2016 12:45 AM

HI

You can configure email notifications when you save a search as an alert. You can also configure email notifications for when editing an alert's actions. The procedure is the same in both cases.

After running a search, save the search as an alert and configure email notification settings.

1) Run the search.
2) Select **Save As > Alert.**
3) Provide a Title and other information about the alert.
4) From the Add Actions menu, select Send email.

alt text

   5) Specify the following:

To, CC, and BCC email recipients.
Specify a comma-separated list of email recipients.
Priority
Enforcement of priority depends on your email client.
Subject
Message
Include
You can include the following items:

Information about the search
  Link to the alert
  Search string
  Trigger condition
  Trigger time

Information about search results
  Link to results
  Inline listing of results, as a table, raw events, or CSV file
  Results as a PDF attachment
  Results as a CSV attachment
Type
Select HTML & Plain Text (multi-MIME message) or Plain Text


6) Specify other alert actions.

See set up alert actions for more information.

7) Click Save.

to complete what i am saying click on http://docs.splunk.com/Documentation/Splunk/6.3.3/Alert/Emailnotification

you can also use Sendemail command to use it see this link :
http://docs.splunk.com/Documentation/Splunk/6.3.3/SearchReference/Sendemail

Preview file
1 KB
Reply

martin_mueller
SplunkTrust
SplunkTrust
‎02-16-2016 12:11 PM

You should not send emails to example.com, use your actual email address to test.

0 Karma
Reply

rck
New Member
‎02-16-2016 03:16 AM

while i running the query
sourcetype="rum" u=* |where t_done >10000 | sendemail to="example.com".
I get this error
command="sendemail", [Errno 11004] getaddrinfo failed while sending mail to: example.com.
what Can i do?

0 Karma
Reply

chimell
Motivator
‎02-16-2016 05:07 AM

click on the link that i gave you and see example
you must be connected to internet

0 Karma
Reply

chimell
Motivator
‎03-14-2016 02:07 AM

hi
look at the following example

Send an email notification with a PDF attachment, a message, and raw inline results.

index=_internal | head 5 | sendemail to=example@splunk.com server=mail.example.com subject="Here is an email from Splunk" message="This is an example message" sendresults=true inline=true format=raw sendpdf=true
0 Karma
Reply

martin_mueller
SplunkTrust
SplunkTrust
‎02-06-2016 05:53 AM

Make sure you've configured a working email server under Settings -> Server Settings -> Email Settings.

0 Karma
Reply

rck
New Member
‎02-06-2016 05:57 AM

i also done the email setting please say the procedure to get the email in pdf format

0 Karma
Reply

martin_mueller
SplunkTrust
SplunkTrust
‎02-06-2016 06:40 AM

Check the PDF box as described here: http://docs.splunk.com/Documentation/Splunk/6.3.3/Alert/Emailnotification#Configure_email_notificati...

0 Karma
Reply
Get Updates on the Splunk Community!

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...

WATCH NOWAs AI starts tackling low level alerts, it's more critical than ever to uplevel your threat hunting ...

Splunk APM: New Product Features + Community Office Hours Recap!

Howdy Splunk Community! Over the past few months, we’ve had a lot going on in the world of Splunk Application ...

Index This | Forward, I’m heavy; backward, I’m not. What am I?

April 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...