Summary Email Configuration

Summary Emails are emails generated by Anomaly Detective that summarize all activity over a preceding time period. It is very easy to set up daily or weekly summaries. Summaries over other periods can also be configured to run automatically if you understand Splunk time range modifiers and cron schedules, or generated on a one-off basis using the “Test” function.

To set up a new Summary Email:

  1. In the top-level menu, click on Configure, then Summary Emails.
  2. Select New Summary Email and a tabbed dialog will open.


Splunk Server settings > Email settings must be correctly configured for summary emails to be sent.

| Field | Description |
| --- | --- |
| Summary name | Unique name for the Summary email. Must not contain whitespace or characters that cause problems in file names. Cannot be edited. |
| Send email | How frequently should the summary email be sent? The daily option sends an email summarizing the previous day’s activity shortly after 7am (in the timezone of the Splunk server that sends the email). The weekly option sends an email on Sundays summarizing activity between the start of the previous Sunday and the end of the previous Saturday. The custom schedule option allows you to configure any schedule and reporting period you require. |
| Time range | Only shown when a custom schedule is selected. Enter the earliest and latest time ranges for the summary period in Splunk relative time format. For example, to summarize all activity from yesterday, set earliest to -1d@d and latest to -1s@d. |
| Cron schedule | Only shown when a custom schedule is selected. Enter a cron schedule to specify when the summary should be generated. The email will be sent once the summary information has been collected, so will be a little later. Do not schedule the summary too close to the end of the period to be summarized, as the data for the summary period may still be changing. |
| Email to | The email address(es) of the alert recipient(s). Separate multiple addresses with commas. |
| Email CC | The email address(es) to be copied on the email. Separate multiple addresses with commas. Leave blank if nobody is to be copied. |
| Email subject | The email subject line. May contain string substitution for “$score$”. Additionally, for Influencer Insights, may contain influencer string substitution, e.g. $user$ or $clientip$. |
| Email body preamble | Introductory text which will be included at the beginning of each email. If this is left blank the email body will contain just the Insight summary. Note: this does not accept string substitutions. |
| Email summary title | Only shown when a custom schedule is selected. The banner heading that goes at the top of the summary section of the email. (For simple daily emails this is “Daily Insight Digest”, and for simple weekly emails it is “Weekly Insight Digest”.) |
| View link locale | The locale that will be used for embedded links contained within the email body, e.g. en-US. |
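
To check a custom Time range and Cron schedule pair before saving it, the following added example (not part of the original documentation or the product's code) resolves a subset of Splunk relative time modifiers, applying the offset first and then snapping down, and reports the summarized window and how long after the period ends the job runs. The function names and the run times used with it are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

# Units handled by this sketch (a subset of Splunk's relative time units).
_UNITS = {"s": "seconds", "m": "minutes", "h": "hours", "d": "days", "w": "weeks"}
_MODIFIER = re.compile(r"^(?:([+-])(\d*)([smhdw]))?(?:@([smhdw]))?$")


def _snap(t, unit):
    """Round t down to the start of the given unit."""
    if unit == "s":
        return t.replace(microsecond=0)
    if unit == "m":
        return t.replace(second=0, microsecond=0)
    if unit == "h":
        return t.replace(minute=0, second=0, microsecond=0)
    day = t.replace(hour=0, minute=0, second=0, microsecond=0)
    if unit == "w":  # weeks snap back to Sunday
        return day - timedelta(days=(day.weekday() + 1) % 7)
    return day


def resolve(modifier, now):
    """Resolve a modifier such as -1d@d relative to now."""
    m = _MODIFIER.match(modifier)
    if not m or modifier == "":
        raise ValueError(f"unsupported time modifier: {modifier!r}")
    sign, count, unit, snap_unit = m.groups()
    t = now
    if unit:
        delta = timedelta(**{_UNITS[unit]: int(count or 1)})
        t = t + delta if sign == "+" else t - delta
    return _snap(t, snap_unit) if snap_unit else t


def summary_window(earliest, latest, run_time):
    """Return (start, end, margin) for a summary generated at run_time.

    margin is the gap between the end of the summarized period and the
    time the cron schedule fires (run_time is a constructed sample value).
    """
    start, end = resolve(earliest, run_time), resolve(latest, run_time)
    if start >= end:
        raise ValueError("earliest must resolve to a time before latest")
    return start, end, run_time - end
```

With the example values from the table, a job that fires at 07:05 summarizes the whole previous day with a margin of 7 hours 5 minutes; in this sketch the same values resolve to an empty window if the job fires at exactly midnight, because -1s@d then snaps to the start of the previous day.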

Advanced Settings

It is unlikely that these advanced settings will need to be changed. If required, please contact before changing.

| Field | Description |
| --- | --- |
| Results index | The index that stores Prelert results. Default is prelertresults. |
