Solved: Re: Splunk Email Alerts Change

jmheaton · ‎05-13-2014

So we recently upgraded to v6.1 and through all the changes to the emails, the biggest thing that we miss is that the borders are gone on the chart/table emails. Has anyone found a way to get these back? A lot of our emails have become much harder to read now that they are missing.

MuS · ‎05-14-2014

Hi jmheaton,

I would not copy the old sendemail.py from any Splunk < 6.x Version into Splunk v6.x. There were too many changes in the script itself.

If you take a closer look at the sendemail.py script at $SLPUNK_HOME/etc/apps/search/bin/ you can find at line 636 something like this:

        <table cellpadding="0" cellspacing="0" border="0" class="results" style="margin: 20px;">

this is the start of the result table. You can see it has set border="0", I assume if you change it to border="1" you will get back the borders. This is un-tested!

Also keep in mind, that changes in this script can be overwritten by a Splunk update without notice, so be careful.

hope this helps ...

cheers, MuS

View solution in original post

blebit · ‎06-26-2014

MuS,

My table has changed colors 😞

linu1988 · ‎06-26-2014

def htmlTableTemplate

`<th style="text-align: left;

add color: blue/red.. for splunk 6`

blebit · ‎06-26-2014

w.writerow(header)
# output each result's values
for result in results:
row = [esc(result.get(col,"")) for col in header]
w.writerow(row)
return s.getvalue()

COL is for COLUMN or for COLOR ?

MuS · ‎06-26-2014

look for something like header in the sendemail.py script and see if there is any color set, if yes change it to your needs.

blebit · ‎06-26-2014

header color is changed

blebit · ‎06-26-2014

version...upgrade from 5.0.3 to 6.0.4

MuS · ‎06-26-2014

well, what have you changed?

MuS · ‎05-14-2014

Hi jmheaton,

I would not copy the old sendemail.py from any Splunk < 6.x Version into Splunk v6.x. There were too many changes in the script itself.

If you take a closer look at the sendemail.py script at $SLPUNK_HOME/etc/apps/search/bin/ you can find at line 636 something like this:

        <table cellpadding="0" cellspacing="0" border="0" class="results" style="margin: 20px;">

this is the start of the result table. You can see it has set border="0", I assume if you change it to border="1" you will get back the borders. This is un-tested!

Also keep in mind, that changes in this script can be overwritten by a Splunk update without notice, so be careful.

hope this helps ...

cheers, MuS

MuS · ‎05-14-2014

you're welcome 😉

jmheaton · ‎05-14-2014

Their are two lines in the sendemail.py script that i found with that data string. The first one edits the top table with elements such as the Search String / Alert Name. The second however was the one that put the border back on the cells. Thanks much!

linu1988 · ‎05-13-2014

if you have any other older version of splunk just copy replace the sendemail.py file.

Splunk Email Alerts Change

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk

.conf24 | Personalize your .conf experience with Learning Paths!

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...