topic Re: Step by Step to receive email alerts on Splunk in Reporting

Step by Step to receive email alerts on Splunk

royimad — Sat, 17 Aug 2013 09:46:16 GMT

How do i configure Splunk so i will be able to receive email alerts from other servers?
Is there any step by step procedure that i should follow. I have Splunk on Linux machine and never did that before.

Thanks,

Re: Step by Step to receive email alerts on Splunk

jpass — Sat, 17 Aug 2013 21:05:34 GMT

If by 'another server' you mean a remote mailserver it's pretty easy.

Go to 'admin' and click 'system settings'
Next click 'email alert settings'
Set the appropriate values for your email host, username etc
Set the link host so urls in the emails link back to the splunk alert correctly...ie..your splunk server host name
Run a search & create an alert
In the alert settings give it your email address

You can also use the 'sendemail' command which you would append to the end of your saved search along with the server settings. This method is not so much an 'alert' though and you don't have access to the alert settings as far as I know.

Example:

sourcetype=blah "keyword" | sendmail to="youremail@..." server="192.168.." etc. etc.

Re: Step by Step to receive email alerts on Splunk

royimad — Mon, 19 Aug 2013 14:02:57 GMT

This is how you send email from splunk and alert , what i need is receiving email on splunk and index the data received

Re: Step by Step to receive email alerts on Splunk

royimad — Mon, 19 Aug 2013 14:04:22 GMT

Still doesn't know how to receive email on splunk ?! Anyidea or steps

Re: Step by Step to receive email alerts on Splunk

royimad — Mon, 19 Aug 2013 14:04:43 GMT

Still doesn't know how to receive email on splunk ?! Anyidea or steps

Re: Step by Step to receive email alerts on Splunk

jpass — Mon, 19 Aug 2013 14:06:42 GMT

ahh my bad. I read too quickly.

Re: Step by Step to receive email alerts on Splunk

jpass — Mon, 19 Aug 2013 14:17:26 GMT

A while ago I did something similar but not related to Splunk. But the idea is the same.

A script is scheduled to run on the interval of your choice via chron. It retrieves e-mails and saves them out as a text file or whatever. I used PERL and the IMAP client MUTT. (http://www.mutt.org)

install command line email client (Mutt)
write a script (perl,python,bash etc.) that connects, retrieves messages and saves them out as a text file locally to a folder that Splunk has access to.
In splunk create input that watches that folder

-j

Re: Step by Step to receive email alerts on Splunk

royimad — Wed, 21 Aug 2013 07:12:03 GMT

I have used

IMAP App

to receive email on Splunk and connect to exchange server.

Re: Step by Step to receive email alerts on Splunk

saurabh_tek — Thu, 29 Sep 2016 06:02:21 GMT

for this purpose we have IMAP app.