Search Reference

 


sendemail

sendemail

Use the sendemail command to generate email notifications.

Synopsis

Emails search results to specified email addresses.

Syntax

sendemail to=<email_list> [from=<email_list>] [cc=<email_list>] [bcc=<email_list>] [format= (csv | table | raw)] [inline= <bool>] [sendresults=<bool>] [sendpdf=<bool>] [priority=( highest | high | normal | low | lowest)] [server=<string>] [width_sort_columns=<bool>] [graceful=<bool>] [message=<string>] [sendcsv=<bool>] [use_ssl=<bool>] [use_tls=<bool>] [pdfview=<string>] [papersize=(letter | legal | ledger | a2 | a3 | a4 | a5)] [paperorientation=(portrait | landscape)] [maxinputs=<int>] [maxtime=<int>m | s | h | d] [footer=<string>]

Required arguments

to
Syntax: to=<email_list>
Description: List of email addresses to send search results to.

Optional arguments

bcc
Syntax: bcc=<email_list>
Description: Blind cc line; comma-separated and quoted list of valid email addresses.
cc
Syntax: cc=<email_list>
Description: Cc line; comma-separated quoted list of valid email addresses.
format
Syntax: format= csv | table | raw
Description: Specifies how to format inline results. Defaults to table.
footer
Syntax: footer=<string>
Description: Specify an alternate email footer. Defaults to "If you believe you've received this email in error, please see your Splunk administrator.\r\n\r\nsplunk > the engine for machine data."
from
Syntax: from=<email_list>
Description: Email address from line. Defaults to "splunk@<hostname>".
inline
Syntax: inline= true | false
Description: Specifies whether to send the results in the message body or as an attachment. Attachments are provided as csv. Defaults to true.
graceful
Syntax: graceful= true | false
Description: If set to true, no error is thrown, if email sending fails and thus the search pipeline continues execution as if sendemail was not there. Defaults to false.
maxinputs
Syntax: maxinputs = <integer>
Description: Set the maximum number of search results sent via alerts. Defaults to 50000.
maxtime
Syntax: maxtime = <integer>m | s | h | d
Description: The maximum amount of time that the execution of an action is allowed to take before the action is aborted. Defaults to no limit.
message
Syntax: message=<string>
Description: Specifies the message sent in the email. If sendresults=true, message defaults to "Search complete." If sendresults=true, inline=true, and either sendpdf=false or sendcsv=false, message defaults to "Search results." If sendpdf=true or sendcsv=true, message defaults to "Search results attached."
paperorientation
Syntax: paperorientation = portrait | landscape
Description: Paper orientation: portrait or landscape. Defaults to "portrait".
papersize
Syntax: papersize = letter | legal | ledger | a2 | a3 | a4 | a5
Description: Default paper size for PDFs. Acceptable values: letter, legal, ledger, a2, a3, a4, a5. Defaults to "letter".
pdfview
Syntax: pdfview=<string>
Description: Name of view to send as a PDF.
priority
Syntax: priority=highest | high | normal | low | lowest
Description: Set the priority of the email as it appears in the email client. Lowest or 5, low or 4, high or 2, highest or 1. Defaults to normal or 3.
sendcsv
Syntax: sendcsv=true | false
Description: Specify whether to send the results with the email as an attached csv file or not. Defaults to false.
sendpdf
Syntax: sendpdf=true | false
Description: Specify whether to send the results with the email as an attached PDF or not. For more information about using Splunk's integrated PDF generation functionality, see "Generate PDFs of your reports and dashboards" in the Reporting Manual. Defaults to false.
sendresults
Syntax: sendresults=true | false
Description: Determines whether the results should be included with the email. Defaults to false.
server
Syntax: server=<string>
Description: If the SMTP server is not local, use this to specify it. Defaults to localhost.
subject
Syntax: subject=<string>
Description: Specifies the subject line. Defaults to "Splunk Results".
use_ssl
Syntax: use_ssl=true | false
Description: Whether to use SSL when communicating with the SMTP server. When set to 1 (true), you must also specify both the server name or IP address and the TCP port in the "mailserver" attribute. Defaults to 0 (false).
use_tls
Syntax: use_tls=true | false
Description: Specify whether to use TLS (transport layer security) when communicating with the SMTP server (starttls). Defaults to 0 (false).
width_sort_columns
Syntax: width_sort_columns=true | false
Description: This is only valid for plain text emails. Specifies whether the columns should be sorted by their width. Defaults to true.

Examples

Example 1: Send search results in table format with the subject "myresults".

... | sendemail to="elvis@splunk.com,john@splunk.com" format=raw subject=myresults server=mail.splunk.com sendresults=true

Example 2: Send search results to the specified email. By default, the results are formatted as raw.

... | sendemail to="elvis@splunk.com" sendresults=true

Example 3: Send an email notification with a pdf attachment, a message, and raw inline results.

index=_internal | head 5 | sendemail to=example@splunk.com server=mail.example.com subject="Here is an email from Splunk" message="This is an example message" sendresults=true inline=true format=raw sendpdf=true

Answers

Have questions? Visit Splunk Answers and see what questions and answers the Splunk community has using the sendemail command.

This documentation applies to the following versions of Splunk: 6.1 , 6.1.1 , 6.1.2 , 6.1.3 , 6.1.4 View the Article History for its revisions.


You must be logged into splunk.com in order to post comments. Log in now.

Was this documentation topic helpful?

If you'd like to hear back from us, please provide your email address:

We'd love to hear what you think about this topic or the documentation as a whole. Feedback you enter here will be delivered to the documentation team.

Feedback submitted, thanks!