Reporting
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Send emails to users based on different condtions

c_krishna_gutur
Explorer
‎02-13-2017 09:03 PM

Hello Everyone, there is a requirement in which i need to send emails to different groups based on conditions, i heard that i can solve it by using scripts, as i am novice to splunk can anyone provide me sample example to achieve this. Even it is more helpful if you provide the script in .js file.
Thanks in Advance.

Tags (1)
0 Karma
Reply

nickhills
Ultra Champion
‎02-14-2017 04:26 AM

You could use a scripted alert to achive this, but there are some hoops to jump through.

You will need to write a script to parse the fields sent with the 8th alert argument. You can then based on these values take a different action (destination address) based on the result.

There is a good example here using a python wrapper to do something similar
https://answers.splunk.com/answers/149836/how-to-run-an-alert-script-on-field-values-generated-in-sp...

If my comment helps, please give it a thumbs up!
0 Karma
Reply

martin_mueller
SplunkTrust
SplunkTrust
‎02-14-2017 04:26 AM

Here's a crude approach:

base search yielding a field range | eval recipient = case(range<=30, "groupa@example.com", range<=50, "groupb@example.com", true(), "groupc@example.com")

Then configure the alert's email to field to be $result.recipient$. The email will then be sent to the value of the recipient field in the first result row.

Once you're happy with the basic functionality you should consider moving the list of recipients out to macros or lookups in order to not have to touch many alerts when an email or range changes.

Reply

nickhills
Ultra Champion
‎02-14-2017 01:15 AM

what do you mean "conditions"?

If you can isolate each "condition" into a seperate alert, you dont need to use scripts at all - simply configure each alert to email the relevent team.

There may be a cases (i can think of a few) where this would be less ideal, but perhaps you can give us some examples of what the data/conditions are in your use case.

If my comment helps, please give it a thumbs up!
0 Karma
Reply

c_krishna_gutur
Explorer
‎02-14-2017 04:13 AM

Thanks for the reply nick.
Lets consider that i have range of marks that is from 10-30, 31-50,51-100, i need to send emails to 3 different groups based on the range of marks, all the above range of marks resulted in single query. If the marks range is 10-30 email has to trigger to A group, if the marks range is between 31-50 email has to trigger to B group else C group,

0 Karma
Reply
Get Updates on the Splunk Community!

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

Take a look below to explore our upcoming Community Office Hours, Tech Talks, and Webinars this month. This ...

They're back! Join the SplunkTrust and MVP at .conf24

With our highly anticipated annual conference, .conf, comes the fez-wearers you can trust! The SplunkTrust, as ...

Enterprise Security Content Update (ESCU) | New Releases

Last month, the Splunk Threat Research Team had two releases of new security content via the Enterprise ...