
Usage of Splunk Commands: SENDEMAIL

sendemail is a Splunk search command that sends an email immediately from an SPL search.

Prerequisites:

  1. Your mail server must be configured before you can use this command. For instance, follow the blog below to configure Gmail to send mail from Splunk:

     How to Configure Email Alerting using Gmail SMTP in SPLUNK

  2. To use the sendemail command, your role must have the schedule_search and list_settings capabilities.

Usage:

  1. This command sends instant reports to any user via email without the need to create a report or alert.
  2. The email it sends is highly customizable: the command has more than 20 arguments for controlling the email.
  3. We can use this command to check whether the mail server is working.

Syntax:

| sendemail to=<email_list> [from=<email_list>] [cc=<email_list>] [bcc=<email_list>] [subject=<string>] [format=csv | table | raw] [inline=<bool>] [sendresults=<bool>] [sendpdf=<bool>] [priority=highest | high | normal | low | lowest] [server=<string>] [width_sort_columns=<bool>] [graceful=<bool>] [content_type=html | plain] [message=<string>] [sendcsv=<bool>] [use_ssl=<bool>] [use_tls=<bool>] [pdfview=<string>] [papersize=letter | legal | ledger | a2 | a3 | a4 | a5] [paperorientation=portrait | landscape] [maxinputs=<int>] [maxtime=<int> m | s | h | d] [footer=<string>]

Only the to argument is required; all other arguments are optional.

Arguments:

| Argument | Default value | Function |
|---|---|---|
| to=<email_list> | – | List of recipient email addresses, separated by commas |
| from=<email_list> | – | List of sender email addresses, separated by commas |
| cc=<email_list> | – | List of CC addresses, separated by commas |
| bcc=<email_list> | – | List of BCC addresses, separated by commas |
| subject=<string> | – | Subject line |
| format=csv \| table \| raw | table | – |
| inline=<bool> | false | – |
| sendresults=<bool> | false | – |
| sendpdf=<bool> | false | – |
| priority=highest \| high \| normal \| low \| lowest | normal | – |
| server=<string> | – | If the SMTP server is not local, use this argument to specify the SMTP mail server to use when sending emails. The <host> can be either the hostname or the IP address. You can optionally specify the SMTP <port> that the Splunk instance should connect to. |
| width_sort_columns=<bool> | true | – |
| graceful=<bool> | false | – |
| content_type=html \| plain | html | – |
| message=<string> | – | Additional messages |
| sendcsv=<bool> | false | – |
| use_ssl=<bool> | false | – |
| use_tls=<bool> | false | – |
| pdfview=<string> | – | Name of a view.xml file to send as a PDF |
| papersize=letter \| legal \| ledger \| a2 \| a3 \| a4 \| a5 | letter | – |
| paperorientation=portrait \| landscape | portrait | – |
| maxinputs=<int> | 50000 | |
| maxtime=<int> m \| s \| h \| d | No limit | – |
| footer=<string> | “If you believe you’ve received this email in error, please see your Splunk administrator. Splunk > the engine for machine data.” | – |

Example 1:

| stats count by method 
| sendemail to="sh********@gmail.com" sendresults=true subject="Weekly Report of Servers Health" format="table" inline=true priority=highest


Example 2:

If you set sendresults=true and inline=false and do not specify a format, a CSV file is attached to the email.

| stats count by method 
| sendemail to="sh********@gmail.com" sendresults=true subject="Weekly Report of Servers Health" inline=false priority=highest
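
Because sendemail can mail search results to any address, it is worth reviewing searches that call it. The Python sketch below parses the to, cc, bcc, server, use_ssl and use_tls arguments from the syntax above, then flags recipients outside an allowed domain list and results sent through an explicitly named remote server without use_ssl or use_tls. It is an added example, not code from this blog or from Splunk; the function names, the example.com allowlist, smtp.example.net, the constructed second search and the accepted spellings of "true" are assumptions.

```python
import re

RECIPIENT_ARGS = ("to", "cc", "bcc")        # address-bearing arguments in the syntax
DATA_ARGS = ("sendresults", "sendcsv", "sendpdf")
TRUE = {"true", "t", "1"}                   # assumption: spellings treated as true
ARG_RE = re.compile(r'(\w+)\s*=\s*(?:"([^"]*)"|([^\s|]+))')  # key="quoted" or key=bare
# Split on pipes outside double quotes (escaped quotes are not handled).
PIPE_RE = re.compile(r'\|(?=(?:[^"]*"[^"]*")*[^"]*$)')


def parse_sendemail(spl):
    """Return one {argument: value} dict per sendemail stage in an SPL string."""
    stages = []
    for stage in PIPE_RE.split(spl):
        m = re.match(r'\s*sendemail\b(.*)', stage, re.I | re.S)
        if m:
            stages.append({a[1].lower(): a[2] or a[3] or "" for a in ARG_RE.finditer(m[1])})
    return stages


def is_true(args, names):
    return any(args.get(n, "false").lower() in TRUE for n in names)


def audit(spl, allowed_domains, local_hosts=("localhost", "127.0.0.1")):
    """Flag recipients outside the allowlist and explicit remote server= without TLS."""
    findings = []
    for args in parse_sendemail(spl):
        for name in RECIPIENT_ARGS:
            for addr in filter(None, (a.strip() for a in args.get(name, "").split(","))):
                domain = addr.rsplit("@", 1)[-1].lower()
                if domain not in allowed_domains:
                    findings.append(f"{name}: {domain} is not an allowed recipient domain")
        host = args.get("server", "").split(":")[0].lower()
        if host and host not in local_hosts and is_true(args, DATA_ARGS) \
                and not is_true(args, ("use_ssl", "use_tls")):
            findings.append(f"server: results go to {host} without use_ssl or use_tls")
    return findings


# Example 1 from this page, then a constructed search with an explicit relay.
PAGE_EXAMPLE = ('| stats count by method | sendemail to="sh********@gmail.com" '
                'sendresults=true subject="Weekly Report of Servers Health" '
                'format="table" inline=true priority=highest')
CONSTRUCTED = ('index=web | stats count by method | sendemail to="soc@example.com" '
               'server="smtp.example.net:25" sendcsv=true message="GET | POST split"')

if __name__ == "__main__":
    print([audit(s, {"example.com"}) for s in (PAGE_EXAMPLE, CONSTRUCTED)])
```

The transport check only fires when server= appears in the search itself; searches that rely on the instance's configured mail settings are judged on recipients alone.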


Hope you all enjoyed this blog “Usage of Splunk Commands: SENDEMAIL”. See you all in the next one.

You can also read: Usage of Splunk Commands: REX

Happy Splunking!!
