Solved: How to check permissions required to send an alert

golcondar · ‎03-16-2020

Hi all,

following up on https://answers.splunk.com/answers/808200/splunk-alerts-not-sending-e-mail.html?childToView=810356#a....

I wanted to figure out if there were any permissions needed to enable a splunk alert from my account. Is there a way I can check the permissions needed to create a working splunk alert (that sends out an email)?

Not sure if i'm providing enough information, so please let me know if i need to provide more.

manjunathmeti · ‎03-17-2020

You need below capabilities set to user role under which alert are triggered.

schedule_search = enabled
list_settings = enabled
admin_all_objects = enabled (This capability is required if the mail host requires login credentials. It is for PDF mail delivery only.)

https://docs.splunk.com/Documentation/Splunk/8.0.2/Alert/Emailnotification#User_role_configuration_f...

View solution in original post

manjunathmeti · ‎03-17-2020

You need below capabilities set to user role under which alert are triggered.

schedule_search = enabled
list_settings = enabled
admin_all_objects = enabled (This capability is required if the mail host requires login credentials. It is for PDF mail delivery only.)

https://docs.splunk.com/Documentation/Splunk/8.0.2/Alert/Emailnotification#User_role_configuration_f...

golcondar · ‎03-19-2020

I believe this worked, thank you!

rkyadav · ‎03-17-2020

@golcondar ,

Sometime email ID would have an issue with exchange servers which does not allow to recieve any emails.
Just my 2 cents here :

try adding - @exchange.domain.com

For xample - First.lastname@exchange.org.com , where org could be your organizational name

How to check permissions required to send an alert

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?