https://community.splunk.com/t5/All-Apps-and-Add-ons/Linux-DHCP-and-emails/m-p/67708#M4186 <BLOCKQUOTE> <P>In any case, you will want to change<BR /> the "Email address(es)" from<BR /> "<A href="mailto:example@example.com">example@example.com</A>" to your desired<BR /> email address or distribution list.</P> </BLOCKQUOTE> <P>This app is sending close to 100 messages every day. They all go to '<A href="mailto:example@example.com">example@example.com</A>' which is bouncing around the email system. By default email on most Linux systems will have the 'From:' address of '<A href="mailto:splunk@somehost.yourorganization.org">splunk@somehost.yourorganization.org</A>', which also goes nowhere (Or perhaps it goes to <A href="mailto:postmaster@yourorganization.org">postmaster@yourorganization.org</A>). This results in hundreds of double-bounced emails which remain in email purgatory.</P> <P>How would one change this email address? I cannot find that setting anywhere.</P> Fri, 21 Sep 2012 22:02:34 GMT stefanlasiewski 2012-09-21T22:02:34Z https://community.splunk.com/t5/All-Apps-and-Add-ons/Linux-DHCP-and-emails/m-p/67708#M4186 <BLOCKQUOTE> <P>In any case, you will want to change<BR /> the "Email address(es)" from<BR /> "<A href="mailto:example@example.com">example@example.com</A>" to your desired<BR /> email address or distribution list.</P> </BLOCKQUOTE> <P>This app is sending close to 100 messages every day. They all go to '<A href="mailto:example@example.com">example@example.com</A>' which is bouncing around the email system. By default email on most Linux systems will have the 'From:' address of '<A href="mailto:splunk@somehost.yourorganization.org">splunk@somehost.yourorganization.org</A>', which also goes nowhere (Or perhaps it goes to <A href="mailto:postmaster@yourorganization.org">postmaster@yourorganization.org</A>). This results in hundreds of double-bounced emails which remain in email purgatory.</P> <P>How would one change this email address? I cannot find that setting anywhere.</P> Fri, 21 Sep 2012 22:02:34 GMT https://community.splunk.com/t5/All-Apps-and-Add-ons/Linux-DHCP-and-emails/m-p/67708#M4186 stefanlasiewski 2012-09-21T22:02:34Z https://community.splunk.com/t5/All-Apps-and-Add-ons/Linux-DHCP-and-emails/m-p/67709#M4187 <P>The only way to do this right now is to edit each saved search manually. I will consider making this easier in a future version.</P> Mon, 25 Feb 2013 18:29:36 GMT https://community.splunk.com/t5/All-Apps-and-Add-ons/Linux-DHCP-and-emails/m-p/67709#M4187 araitz 2013-02-25T18:29:36Z https://community.splunk.com/t5/All-Apps-and-Add-ons/Linux-DHCP-and-emails/m-p/67710#M4188 <P>Here's how I solved this. </P> <P>I noticed that the savedsearch <CODE>dhcpd_alert_new_mac_address_15m</CODE> was configured to send an email every 15 minutes. By default, it sends email to <A href="mailto:example@example.org" target="_blank">example@example.org</A> . That is a ton of email (96 incorrect emails per day?). This is viewable under "Splunk&gt; Manager » Searches and reports » dhcpd_alert_new_mac_address_15m", and on the commandline at <CODE>$SPLUNK_HOME/etc/apps/dhcpd/default/savedsearches.conf</CODE> has this:</P> <PRE><CODE>[dhcpd_alert_new_mac_address_15m] action.email = 1 action.email.sendresults = 1 action.email.to = example@example.com counttype = number of events cron_schedule = */15 * * * * description = Alerts on mac addresses seen in the last 15 minutes that were not in the dhcpd_mac-hostname lookup table </CODE></PRE> <P>To disable this, I simply unchecked the box next to "Schedule this search". On the commandline, the following file was added to <CODE>$SPLUNK_HOME/etc/apps/dhcpd/local/savedsearches.conf</CODE>, and now the emails have stopped.</P> <PRE><CODE>[dhcpd_alert_new_mac_address_15m] disabled = 1 </CODE></PRE> Mon, 28 Sep 2020 13:40:01 GMT https://community.splunk.com/t5/All-Apps-and-Add-ons/Linux-DHCP-and-emails/m-p/67710#M4188 stefanlasiewski 2020-09-28T13:40:01Z