A Privileged Access Management (PAM) admin has a PAM scheduled job that runs every six months. They want to notify an email distribution list when this job runs successfully, so that their end users know the password has been rotated successfully. They currently have PAM integrated with Splunk.
Here is a sample message that appears in Splunk when a scheduled job runs successfully:
metric DETAIL <Metric><type>updateTargetAccountPassword</type><level>1</level><description><hashmap><k>commandInitiator</k><v>SCHEDULER</v><k>jobName</k><v>"<Job Name>"</v><k>groupID</k><v>30001</v><k>useSamePassword</k><v>false</v><k>x_generatePassword</k><v>true</v><k>initiatingUser</k><v>super</v><k>TargetAccount.passwordVerified</k><v>null</v><k>password</k><v></v><k>confirmPassword</k><v></v><k>x_useTargetGroup</k><v>true</v></hashmap></description><errorCode>0</errorCode><userID>ScheduledJob</userID><success>true</success><originatingIPAddress></originatingIPAddress><originatingHostName></originatingHostName><extensionType></extensionType></Metric>
Use the following search parameters in Splunk:
<k>commandInitiator</k><v>SCHEDULER</v>
<k>jobName</k><v>"<Job Name>"</v>
<userID>ScheduledJob</userID>
<success>true</success>
Replace "<Job Name>" with the actual name of the job you want to be notified about.
Then save the search as an Alert, which in Splunk can email recipients in real time.
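To check the four match criteria against a captured event before saving the alert, the following added example (not part of the original article, and not PAM or Splunk code) parses the metric message in Python. The job name "Rotate Service Accounts" and the function names are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample event modeled on the message above; "Rotate Service Accounts"
# is a made-up job name standing in for the "<Job Name>" placeholder.
SAMPLE_EVENT = (
    'metric DETAIL <Metric><type>updateTargetAccountPassword</type><level>1</level>'
    '<description><hashmap><k>commandInitiator</k><v>SCHEDULER</v>'
    '<k>jobName</k><v>"Rotate Service Accounts"</v><k>groupID</k><v>30001</v>'
    '<k>password</k><v></v></hashmap></description><errorCode>0</errorCode>'
    '<userID>ScheduledJob</userID><success>true</success></Metric>'
)

def parse_metric(raw):
    """Return (top-level fields, hashmap key/value pairs) from one metric event."""
    match = re.search(r"<Metric>.*?</Metric>", raw, re.DOTALL)
    if match is None:
        raise ValueError("no <Metric> element in event")
    root = ET.fromstring(match.group(0))
    fields = {c.tag: (c.text or "") for c in root if c.tag != "description"}
    # The hashmap is a flat run of alternating <k> and <v> elements.
    keys = [k.text or "" for k in root.iterfind("./description/hashmap/k")]
    values = [v.text or "" for v in root.iterfind("./description/hashmap/v")]
    if len(keys) != len(values):
        raise ValueError("unbalanced <k>/<v> pairs in hashmap")
    return fields, dict(zip(keys, values))

def should_notify(raw, job_name):
    """True only when all four search criteria from the article hold."""
    try:
        fields, params = parse_metric(raw)
    except (ValueError, ET.ParseError):
        return False  # malformed or non-metric event: never notify
    return (
        params.get("commandInitiator") == "SCHEDULER"
        and params.get("jobName", "").strip('"') == job_name
        and fields.get("userID") == "ScheduledJob"
        and fields.get("success") == "true"
    )

if __name__ == "__main__":
    print(should_notify(SAMPLE_EVENT, "Rotate Service Accounts"))
```

Because the check requires all four fields to match, an event for a different job, or one with `<success>false</success>`, does not trigger a notification.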