Splunk alerts are being quarantined from an invalid sender. What backend files need to be modified? How can I make changes from the GitLab server (not from Splunk Web) to track changes for a Splunk configuration file: savedsearches.conf for an invalid email sender?
You see the From field; update the From address there.
I am talking about doing it from the Linux command line.
I noticed a large number of Splunk alerts in the hosted O365 quarantine (not delivered) because they are using an invalid sender "From: splunk-s". This is not a problem with the tenant configuration where we can whitelist it. O365 needs to see a properly formatted “from” header, e.g. somebody@gmail.com. Is this something that can be adjusted in the Splunk config? It would also be beneficial to remove some of the old recipients from these alerts:
Can you elaborate on your question?
Please can you tell me how I can make changes from the GitLab server to track changes for a Splunk configuration file, savedsearches.conf, for an invalid email sender? Please, I need the step-by-step process for how to do it. We need to do it from GitLab, not from Splunk Web.
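An added example, not code from any poster in this thread: a check that could run from the command line on a checked-out copy of savedsearches.conf before committing, flagging every `action.email.from` value that is not a full address and rewriting only those lines so the Git diff stays small. The sample stanzas, addresses and function names are constructed for illustration.

```python
import re

# Constructed sample; stanza names and addresses are made up for illustration.
SAMPLE = """\
[Disk usage alert]
action.email = 1
action.email.from = splunk-s
action.email.to = ops@example.com

[Failed logins]
action.email = 1
action.email.from = splunk-alerts@example.com
"""

ADDR = re.compile(r"^[^@\s<>]+@[^@\s<>]+\.[^@\s<>]+$")       # user@domain.tld
FROM_LINE = re.compile(r"^(\s*action\.email\.from\s*=\s*)(.*?)\s*$")
STANZA = re.compile(r"^\[(.+)\]\s*$")

def find_bad_senders(conf_text):
    """Return [(stanza, value)] for each action.email.from that is not user@domain.tld."""
    bad, stanza = [], "default"
    for line in conf_text.splitlines():
        m = STANZA.match(line)
        if m:
            stanza = m.group(1)
            continue
        m = FROM_LINE.match(line)
        if m and not ADDR.match(m.group(2)):
            bad.append((stanza, m.group(2)))
    return bad

def set_sender(conf_text, new_from):
    """Rewrite only the invalid action.email.from lines; all other lines are untouched."""
    if not ADDR.match(new_from):
        raise ValueError("replacement sender must look like user@domain.tld")
    out = []
    for line in conf_text.splitlines():
        m = FROM_LINE.match(line)
        if m and not ADDR.match(m.group(2)):
            line = m.group(1) + new_from
        out.append(line)
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    for stanza, value in find_bad_senders(SAMPLE):
        print(f"[{stanza}] invalid sender: {value!r}")
```
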