Usage of Splunk Commands: SENDEMAIL
This is a Splunk search command to send instant emails using SPL.
Prerequisites :
- Your mails server has to be configured to use this command. For Instance, Follow this below blog to configure gmail to send mails from splunk.
“How to Configure Email Alerting using Gmail SMTP in SPLUNK”
- Then To use sendemail command your role must have the schedule_search and list_settings capabilities added.
Usage :
- This command is used to send instant reports to any user via email without using any report or alert.
- This is very customizable in the sense of sending email. In addition, it has more than 20 functions to send a customizable email.
- We can use this command to check mail server is working or not.
Syntax :
| sendemail [to=<email list>] [from=<email_list>] [cc=<email_list>] [bcc=<email_list>] [subject=<string>] [format=csv | table | raw] [inline= <bool>] [sendresults=<bool>] [sendpdf=<bool>] [priority=highest | high | normal | low | lowest] [server=<string>] [width_sort_columns=<bool>] [graceful=<bool>] [content_type=html | plain] [message=<string>] [sendcsv=<bool>] [use_ssl=<bool>] [use_tls=<bool>] [pdfview=<string>] [papersize=letter | legal | ledger | a2 | a3 | a4 | a5] [paperorientation=portrait | landscape] [maxinputs=<int>] [maxtime=<int> m | s | h | d] [footer=<string>]
Required functions are in bold, else optional arguments.
Arguments :
| Arguments | Default value | Function |
| to=<email list> | – | List of email receiver email addresses separated by commas |
| from=<email_list> | – | List of email sender email addresses separated by commas |
| cc=<email_list> | – | List of CC separated by commas |
| bcc=<email_list> | – | List of BCC separated by commas |
| subject=<string> | – | Subject Line |
| format=csv | table | raw | table | – |
| inline= <bool> | false | – |
| sendresults=<bool> | false | – |
| sendpdf=<bool> | false | – |
| priority=highest | high | normal | low | lowest | normal | – |
| server=<string> | – | If the SMTP server is not local, then use this argument to specify the SMTP mail server to use when sending emails. Above all The <host> can be either the hostname or the IP address. therefore You have the option to specify the SMTP <port> that the Splunk instance should connect to. |
| width_sort_columns=<bool> | true | – |
| graceful=<bool> | false | – |
| content_type=html | plain | html | – |
| message=<string> | – | Additional messages |
| sendcsv=<bool> | false | – |
| use_ssl=<bool> | false | – |
| use_tls=<bool> | false | – |
| pdfview=<string> | – | Name of a view.xml file to send as a PDF. |
| papersize=letter | legal | ledger | a2 | a3 | a4 | a5 | letter | – |
| paperorientation=portrait | landscape | portrait | – |
| maxinputs=<int> | 50000 | |
| maxtime=<int> m | s | h | d | No limit | – |
| footer=<string> | “If you believe you’ve received this email in error, please see your Splunk administrator. Splunk > the engine for machine data.” | – |
Example 1:
index=_internal
| stats count by method
| sendemail to="sh********@gmail.com" sendresults=true subject="Weekly Report of Servers Health" format="table" inline=true priority=highest
Results:
Example 2:
If you set sendresults=true and inline=false and do not specify a format, a CSV file is attached to the email.
index=_internal
| stats count by method
| sendemail to="sh********@gmail.com" sendresults=true subject="Weekly Report of Servers Health" inline=false priority=highest
Results:
Hope you all enjoyed this blog “Usage of Splunk Commands: SENDEMAIL“. See you all on to the next one.
Happy Splunking!!
