Alerting

How to get a list of all emails sent out by Splunk and all associated reports and alerts?

Jerseyguy22
New Member

Our Splunk server sends out dozens of emails every day. I want to find out the list of all the emails that are sent out by Splunk and associated jobs (whether alerts or reports) that are configured by all users. (I have admin rights on the Splunk server.)

Where exactly in Splunk Web do I see this information?

0 Karma

kbarker302
Communicator

The Python and splunkd logs would be the place to start. You can run the following query to get e-mail related activity:

index=_internal source="C:\\Program Files\\Splunk\\var\\log\\splunk\\python.log" sendemail

If you run the same search but with splunkd.log instead, there's a field called ssname that gives the search that triggered the alert.

lakromani
Builder

On Linux that would be:

index=_internal source="/opt/splunk/var/log/splunk/python.log" sendemail

pretzel2
Path Finder

This is very helpful. But I need to scrub savedsearches.conf for any scheduled search with an email alert action and provide a report, so we can show and eventually update email addresses. Each stanza in savedsearches.conf can be different. It would be great to have a configurable view of savedsearches.conf with output to CSV. This sounds like a feature request for Splunk or a series of scripts.

0 Karma
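One way to script the savedsearches.conf report asked for above, as an added example that is not part of the original thread or Splunk's own code. The function names and the sample conf text are constructed for illustration. It assumes an email action counts as enabled when `action.email` is `1` or `true`, and it reads the text of a single file, so copies under other apps or users have to be fed in separately.

```python
import csv
import io
import re

SAMPLE_CONF = r"""
# Constructed sample savedsearches.conf text, not from a real deployment.
[default]
action.email.to = soc@example.com
[Failed logins over threshold]
cron_schedule = */15 * * * *
action.email = 1
action.email.to = alice@example.com, bob@example.com
search = index=auth action=failure \
    | stats count by user
[Weekly license report]
action.email = true
[Ad hoc dashboard search]
search = index=web status=500
"""

def parse_conf(text):  # -> {stanza: {key: value}}; joins backslash-continued values
    stanzas, current = {}, None
    for line in re.sub(r"\\[ \t]*\r?\n", " ", text).splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = stanzas.setdefault(line[1:-1], {})
        elif "=" in line and not line.startswith("#") and current is not None:
            key, _, value = line.partition("=")
            current[key.strip()] = value.strip()
    return stanzas

def email_alert_rows(text):  # one row per saved search with the email action enabled
    stanzas, rows = parse_conf(text), []
    defaults = stanzas.pop("default", {})  # [default] applies unless overridden
    for name, local in stanzas.items():
        s = {**defaults, **local}
        if s.get("action.email", "0").lower() not in ("1", "true"):  # assumed truthy forms
            continue
        to = [a.strip() for a in s.get("action.email.to", "").split(",") if a.strip()]
        rows.append({"search": name, "cron_schedule": s.get("cron_schedule", ""),
                     "recipients": ";".join(to)})
    return rows

def to_csv(rows):
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=["search", "cron_schedule", "recipients"])
    writer.writeheader()
    writer.writerows(rows)
    return out.getvalue()
```

Calling `to_csv(email_alert_rows(open(path).read()))` on each savedsearches.conf gives one CSV per file; recipients are joined with `;` so the comma-separated address list stays in one column.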