Use the sendemail command to generate email notifications. You can email search results to specified email addresses.
Syntax: sendemail to=<email_list>

• Required arguments:
  to:-
         o Syntax: to=<email_list>
         o Description: The list of email addresses to send the search results to. Specify multiple
                                  addresses as a comma-separated list enclosed in double quotes.
         o Example: sendemail to="abc@gmail.com, xyz@gmail.com"

• To demonstrate this command we will use the "Send Email from dashboard Using sendemail command" dashboard.

• In the above dashboard:-

  1. Time range picker:- used to select the time range of the search.
  2. Text field:- used to enter the email id(s); multiple addresses can be entered inside the quotes, separated by commas.
  3. Submit button:- after hitting Submit, the search runs and the results are sent to the email id(s) entered.

• The query used for the dashboard is as follows:-

index=* | stats count by sourcetype | sendemail to="$field$" subject=failed_login sendresults=true server=localhost graceful=true

  1. The stats part of the query produces the statistics result (a count per sourcetype).
  2. sendemail to attribute:- the email id is taken from the text field in the panel above via the $field$ token.
  3. sendresults attribute:- attaches the search results to the mail.
  4. server attribute:- the mail server this command sends through (localhost here).
  5. graceful attribute:- lets the search still return its results in the panel instead of failing, for example when the email id text field is left blank.

• Now the results should arrive at the specified email id.
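As an added example (not code from the original post), the following Simple XML dashboard wires the three inputs described above to the query; the dashboard label, the token names time_tok and field, and the default time range are assumptions:

```xml
<form>
  <!-- Assumed label; any name works -->
  <label>Send Email from dashboard Using sendemail command</label>
  <!-- submitButton="true" adds the Submit button: the search only runs after it is clicked -->
  <fieldset submitButton="true" autoRun="false">
    <!-- 1. Time range picker (token name time_tok is an assumption) -->
    <input type="time" token="time_tok">
      <label>Time range</label>
      <default>
        <earliest>-24h@h</earliest>
        <latest>now</latest>
      </default>
    </input>
    <!-- 2. Text field whose value becomes $field$ in the search -->
    <input type="text" token="field">
      <label>Email id(s), comma-separated</label>
    </input>
  </fieldset>
  <row>
    <panel>
      <table>
        <search>
          <!-- 3. The query from the post; the panel shows the stats result and the mail goes out -->
          <query>index=* | stats count by sourcetype | sendemail to="$field$" subject=failed_login sendresults=true server=localhost graceful=true</query>
          <earliest>$time_tok.earliest$</earliest>
          <latest>$time_tok.latest$</latest>
        </search>
      </table>
    </panel>
  </row>
</form>
```

Because the text field's raw value is spliced into the search string, the Simple XML token filter form to=$field|s$ (which quotes the value and escapes any embedded quotes) is the safer way to pass user input into the command than to="$field$".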

If you are still facing issues with the sendemail command in Splunk, feel free to ask in the comment box below and don't forget to follow us on social networks. Happy Splunking!