I really like the sendresults command as it can send multiple rows together in a single email that all have the same email address (and not show the email address in the results table!). It takes the "Spunk Alert Mode: Once Per Result" to another level.
One thing that would be nice to see if we could also customize the subject/body of the email dynamically based on the results that are being sent. For example if i have index=foo | stats count by host, where each host sends to a different email address, I can customize the subject line to include the value of the host field, kinda like how we do the email addresses with email_to field.
↧