I really like the sendresults command as it can send multiple rows together in a single email that all have the same email address (and not show the email address in the results table!). It takes the "Splunk Alert Mode: Once Per Result" to another level.
One thing that would be nice to see is if we could also customize the subject/body of the email dynamically based on the results that are being sent. For example, if I have index=foo | stats count by host, where each host sends to a different email address, I can customize the subject line to include the value of the host field, kinda like how we do the email addresses with the email_to field.
Hi!
Thank you for your interest in the sendresults command. Currently that functionality is not available, but we are looking to release a new version of the command and this would make a great feature to add in. Should be easily doable.
We appreciate the feedback!
D.
In dashboards we pass variables around called tokens. I'm curious if you could pass a token to the sendemail command.
$fieldname$ might work...
Here Ya go... Looks like $Results.fieldname$ works...
https://answers.splunk.com/answers/232152/how-to-create-a-token-from-a-field-email-id-and-pa.html
Hey, thanks for the reply. Unfortunately that doesn't seem to work, but you got the right idea as for what I'm trying to do.
This is for the sendresults command from this app.
https://splunkbase.splunk.com/app/1794/