Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Can you help me figure out this error I'm getting with a search using the sendemail command?

vumanhtai
Path Finder
‎02-12-2019 01:05 AM

Hi Splunk Team!

I have a query as shown below:

my search | outputlookup emailspam.csv | sendemail  from= server=  subject=Alert message="text"  to=[|inputlookup emailspam.csv]

In general, my search prints all the result emails to file "emailspam.csv", and later on, I use this file as the receiving addresses. However, after running this query, I got an error : 

command="sendemail", {} while sending mail to

I know the issue comes from " to=[|inputlookup emailspam.csv]"

I want to send all emails in file emailspam.csv

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

DMohn
Motivator
‎02-12-2019 02:20 AM

Assuming your CSV contains a list of email adresses, you have to convert this to a comma-separated string of recipients.

Try the following:

my search | outputlookup emailspam.csv | sendemail from= server= subject=Alert message="text" [|inputlookup emailspam.csv | mvcombine email| eval to=mvjoin(email,", ") | return to]

This assumes you have one field in your CVS named email. Change the command if needed.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

DMohn
Motivator
‎02-12-2019 02:20 AM

Assuming your CSV contains a list of email adresses, you have to convert this to a comma-separated string of recipients.

Try the following:

my search | outputlookup emailspam.csv | sendemail from= server= subject=Alert message="text" [|inputlookup emailspam.csv | mvcombine email| eval to=mvjoin(email,", ") | return to]

This assumes you have one field in your CVS named email. Change the command if needed.

0 Karma
Reply
Solved! Jump to solution

vumanhtai
Path Finder
‎02-12-2019 05:37 AM

thank DMohn!

0 Karma
Reply
Solved! Jump to solution

DMohn
Motivator
‎02-12-2019 02:05 AM

Can you post an example of your |inputlookup output, e.g. how the CSV file looks like?

0 Karma
Reply
Solved! Jump to solution

vumanhtai
Path Finder
‎02-12-2019 05:18 AM

Hi DMohn!
file emailspam.csv:
from
email1
email2
email3
email4

0 Karma
Reply
Solved! Jump to solution

DMohn
Motivator
‎02-12-2019 05:30 AM

In that case you can use the query I stated in the answer below, just replace the email field with from

0 Karma
Reply
Get Updates on the Splunk Community!

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...

WATCH NOWAs AI starts tackling low level alerts, it's more critical than ever to uplevel your threat hunting ...

Splunk APM: New Product Features + Community Office Hours Recap!

Howdy Splunk Community! Over the past few months, we’ve had a lot going on in the world of Splunk Application ...

Index This | Forward, I’m heavy; backward, I’m not. What am I?

April 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...