Alerting
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How can I get the alert emails sent out with multiple email addresses on one email instead of individual emails?

upcounselnick
Explorer
‎04-18-2016 12:52 PM

In the version of Splunk Light we were self hosting (6.2.2) we could just add everyone in the 'To' field, and it would send a single email out to all of us together. I even remember this from past times I've used Splunk Enterprise.

NOW in SLC 6.3, it sends individual emails to each person. This isn't ideal for us because we like to be able to reply all and let everyone know we're handling something.

I've tried using the 'CC' field, but that still sends individual emails as well so it seems like there's not much of a difference. You'd think CC would actually CC users to one email, but instead it's actually sending out individual emails with an empty To email.

Something could have fundamentally changed in one of the most recent versions of Splunk, and I'm trying to get to the bottom of it. This seems like a bug to me.

Reply

ChrisG
Splunk Employee
Splunk Employee
‎04-19-2016 12:10 PM

Splunk QA has confirmed that this is a bug, now logged as AMI-4340. I will update this posting when I have more information about a fix.

Reply

upcounselnick
Explorer
‎04-19-2016 12:11 PM

Thanks Chris!

0 Karma
Reply

ChrisG
Splunk Employee
Splunk Employee
‎07-19-2016 04:01 PM

The fix was pushed to production today.

Reply

upcounselnick
Explorer
‎07-19-2016 04:31 PM

excellent. thanks Chris!

0 Karma
Reply

ChrisG
Splunk Employee
Splunk Employee
‎04-18-2016 01:36 PM

Initial investigation by QA indicates that this is an issue specifically with the cloud version. They confirmed that the on-premises versions of Splunk Light and Splunk Enterprise both correctly handle email alerts with multiple recipients. We will update this posting again when we have more information.

0 Karma
Reply

jkat54
SplunkTrust
SplunkTrust
‎04-18-2016 03:56 PM

I'm curious if you can work around this by putting an array into the to field like this '["email@address.com","email2@address.com"]'

0 Karma
Reply

upcounselnick
Explorer
‎04-18-2016 04:04 PM

Getting a validation error: "In handler 'savedsearch': One of the email addresses in 'action.email.to' is invalid"

0 Karma
Reply

jkat54
SplunkTrust
SplunkTrust
‎04-18-2016 04:17 PM

Can you try it without the square brackets too?

0 Karma
Reply

upcounselnick
Explorer
‎04-18-2016 04:27 PM

Same thing.

0 Karma
Reply

jkat54
SplunkTrust
SplunkTrust
‎04-18-2016 04:49 PM

Sorry I'm just a guy who tries every combo possible... I'd even try escaping the squar brackets

0 Karma
Reply

upcounselnick
Explorer
‎04-18-2016 05:02 PM

No problem. I thank you for your help. I'll try messing around with some different combinations to see if I can outsmart it. 🙂

Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Data Persistence in the OpenTelemetry Collector

This blog post is part of an ongoing series on OpenTelemetry. What happens if the OpenTelemetry collector ...

Introducing Splunk 10.0: Smarter, Faster, and More Powerful Than Ever

Now On Demand Whether you're managing complex deployments or looking to future-proof your data ...

Community Content Calendar, September edition

Welcome to another insightful post from our Community Content Calendar! We're thrilled to continue bringing ...