I had some trouble with the emails Splunk sends for some alerts, and debugging it took a lot of time: I had to wait for the alert to trigger and then check the log. Then I thought, is there any way to send the mail immediately when I run a search, instead of waiting for the alert to trigger? Fortunately, the solution is already there: the sendemail command.

* | top 5 host | sendemail to="[email protected]" sendresults=true inline=true
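As an added example (not from the original post), the same technique applied to a more realistic alert search: the search that would normally back a scheduled alert is run from the search bar, with the recipient address as a placeholder, a subject so the test mail is easy to spot, and the results rendered inline as a table. `index=_internal` is Splunk's own log index, so this runs on any instance, but the address and subject are assumptions for this example.

```spl
index=_internal sourcetype=splunkd log_level=ERROR earliest=-15m
| stats count BY component
| sort -count
| head 5
| sendemail to="recipient@example.com" subject="Dry run: top splunkd errors (last 15m)" message="Manual run of the alert search to check email rendering." sendresults=true inline=true format=table
```

Running this in the search bar sends the mail through the SMTP server configured in Splunk's email settings, so it exercises the same delivery path the scheduled alert would use, but without waiting for the schedule. `sendresults=true` includes the search results in the mail, and `inline=true` puts them in the body rather than as an attachment; `format` controls whether they arrive as a table, CSV, or raw text.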
My thought: we just need to think about a different way to do our daily routine; there is usually a better way to do it.
2024-05-10