Hi,
By default, Splunk will export CSV files attached as “splunk-results.csv” and deliver it in the email. Is there a way we can configure our custom file name? like "customname1.csv" or based on the saved search name?
Thanks,
V
Only option that I'm aware of is by updating the sendemail.py script. Be aware that the changes will wipe out during upgrade.
https://answers.splunk.com/answers/45903/custom-csv-filename-with-timestamp-in-email-alerts.html
https://answers.splunk.com/answers/1985/can-i-change-the-name-of-attachments-which-are-sent-via-sche...
As I had the same problem (and this is the first result on Google), I figured out a permanent solution that can be customized per alert.
In savedsearches.conf
, go to your alert, and add this line:
action.email.reportFileName = here-goes-your-filename-without-csv-extension
Splunk will then use that setting, add .csv
and attach that file to your alert email. As far as I understand it, every setting from alert_actions.conf can be overridden in savedsearches.conf, e.g.
# alert_actions.conf
[email]
reportFileName = something
equals
# savedsearches.conf
alert.email.reportFileName = something
Swap reportFileName
with the setting of your choice 😉
I tried this, it din't work.
Hi @vasanthmss
I noticed you upvoted @somesoni2's answer, but you didn't accept it. If his answer solved your question, please be sure to resolve the post by clicking "Accept" directly below his answer. Always do this for all of your questions that have a working answer.
Only option that I'm aware of is by updating the sendemail.py script. Be aware that the changes will wipe out during upgrade.
https://answers.splunk.com/answers/45903/custom-csv-filename-with-timestamp-in-email-alerts.html
https://answers.splunk.com/answers/1985/can-i-change-the-name-of-attachments-which-are-sent-via-sche...