Alerting
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Splunk alert - querying a lookup to send mails to respective id, with complete row information

Le
Observer
‎02-22-2024 03:36 AM

I have a lookup file like below, the query should send mails to each person with that respective row information. and if mail1 column is empty, then query should consider mail2 column value to send mails. and if mail2 column is empty, the query should consider mail3 column value to send mail. and if mail1, mail2 are empty then query should consider mail3 column value to send mail.

Empoccupationlocationfirstmailsecondarymailthirdmail
abcaaahhhaa@mail.comgg@mail.com
defghjkggggbb@mail.comff@mail.com
ghilmoiiii hh@mail.com
jklprejjj  dd@mail.com
mnoswqkkkaa@mail.comii@mail.com

 

example, aa@mail.com..should receive mail like below in tabluar format

Empoccupationlocationfirstmailsecondarymailthirdmail
abcaaahhhaa@mail.comgg@mail.com
mnoswqkkkaa@mail.comii@mail.com

 

so likewise query should read complete table and send mails to persons individually....containing that specific row information in tabluar format. Please help me with the query and let me know incase of any clarification on the requirement.

Labels (1)
Labels
0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎02-22-2024 06:27 AM

You could construct your search so that each row has a field with the name of the recipients. Then set up the alert so that it triggers for every result. Then use the $row.field$ token as the recipient in the trigger action.

Note that this will mean that the recipients will get multiple emails if their address appears in more than one row of the report.

0 Karma
Reply

Le
Observer
‎02-22-2024 06:50 PM

Thank you for it but i need one mail to be sent though a recipient has multiple rows of data.

0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎02-23-2024 01:19 AM

In that case, gather all the information for each user into a single row for that user or submit an idea to Splunk to try to get the functionality changed.

0 Karma
Reply
Get Updates on the Splunk Community!

Join Us for Splunk University and Get Your Bootcamp Game On!

If you know, you know! Splunk University is the vibe this summer so register today for bootcamps galore ...

.conf24 | Learning Tracks for Security, Observability, Platform, and Developers!

.conf24 is taking place at The Venetian in Las Vegas from June 11 - 14. Continue reading to learn about the ...

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...