When we trigger an email through splunk we want to display 3 tables with different resultset. Is there any option to configure more than one splunk query to single email alert?
Please help with your inputs.
Asked
Active
Viewed 1,752 times
2 Answers
0
you can crate a dashboard with these 3 tables and then publish that dashboard in an email. not sure if dashboard can be converted in to an alert.
Rohit
- 339
- 1
- 5
- 16
0
Take a look at the approach here:
https://answers.splunk.com/answers/111602/trigger-a-pdf-via-the-command-line.html
You can create dashboard with many searches and graphs, schedule it with PDF schedule.
Then you can create a different shell script that runs the dashboard's pdf to email:
!/bin/bash
curl -k -u admin:password
https://localhost:8089/servicesNS/admin/search/saved/searches/_ScheduledView__mypdf/dispatch -d trigger_actions=1
After that you can set an alert that runs this shell scripts:
[whatever_alert]
action.script = 1
action.script.filename = whatever_pdf_trigger.sh
cron_schedule = */10 * * * *
dispatch.earliest_time = -2m@m
dispatch.latest_time = now
displayview = flashtimeline
enableSched = 1
counttype = number of events
relation = greater than
quantity = 0
search = index=ops | head 2
barkai36
- 186
- 1
- 4