Here is a sample anko script that attaches a csv file to an email
Below is "email-attach-example.ank", which is our example script for this use case. It will run a
query, download the results as a CSV, and attach it to an email.
var time = import("time")
# SET THESE VARIABLES
from = "loggy.logbot@gmail.com" #set your originating email address
to = [ "username@company.com" ] #list of users this is going to
my_name = "HANK" #name for a nice greeting
report_name = "query report XYZ" # email subject line
duration = 24 * time.Hour #24 hour duration
#query, we are going to send a CSV, so output to a table
query = `tag=syslog words sshd Accepted | regex "Accepted\s(?P<method>\S+)\sfor\s(?P<user>\S+)\sfrom\s(?P<ip>\S+)\s" | table user method ip TIMESTAMP`
#download as a CSV and send as a csv
download_format = "csv"
attachment_name = "report.csv"
#### WARNING !!! ##### no need to change anything beyond this line
#
#
#
end = time.Now()
start = end.Add(-1 * duration)
s, err = startSearch(query, start, end)
if err != nil {
return err
}
# Wait for the search to complete
for {
f, err = isSearchFinished(s)
if err != nil {
return err
}
if f {
break
}
time.Sleep(1 * time.Second)
}
# Figure out how many results there were
c, _, err = getAvailableEntryCount(s)
if err != nil {
return err
}
# Download the search as a CSV
res, err = downloadSearch(s.ID, download_format, start, end)
if err != nil {
return err
}
# Clean up the search
err = deleteSearch(s.ID)
if err != nil {
return err
}
# If there was more than 0 entries, send an email
summary = "Hello " + my_name + "\n"
summary += "Search results report for the following query\n"
summary += query
summary = "\n\nThere were " + c + " results between " + start.String() + " and " + end.String()
summary = "\n" + len(res) + " bytes attached as a CSV\n\n"
#attach using a map so that we get a name on the attachment
attch = map[interface]interface{}
attch[attachment_name] = res
email(from, to, report_name, summary, attch)
return nil