Alerting

How to make changes from the GitLab server (not from Splunk Web) to track changes for a Splunk configuration file?

ngwodo
Path Finder

Splunk alerts are being quarantined from an invalid sender. What backend files need to be modified?  How can I make changes from the GitLab server (not from Splunk Web) to track changes for a Splunk configuration file: savedsearches.conf for an invalid email sender?

0 Karma

thambisetty
SplunkTrust
  1. From the Search and Reporting app home page, select Settings > Server settings > Email settings.
  2. Select Mail Server Settings.

You will see the From field; update the From address there.

————————————
If this helps, give a like below.
0 Karma

ngwodo
Path Finder

I am talking about doing it from the Linux command line.

0 Karma

ngwodo
Path Finder

I noticed a large number of Splunk alerts in the hosted O365 quarantine (not delivered) because they are using an invalid sender "From: splunk-s". This is not a problem with the tenant configuration where we can whitelist it. O365 needs to see a properly formatted “from” header, e.g. somebody@gmail.com. Is this something that can be adjusted in the Splunk config? It would also be beneficial to remove some of the old recipients from these alerts:

0 Karma

thambisetty
SplunkTrust

Can you elaborate on your question?

————————————
If this helps, give a like below.
0 Karma

ngwodo
Path Finder

Please can you tell me how I can make changes from the GitLab server to track changes for a Splunk configuration file: savedsearches.conf for an invalid email sender? Please, I need the step-by-step process for how to do it. We need to do it from GitLab, not from Splunk Web.

0 Karma
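
An added example, not part of the original thread: a shell check that could run in the Git repository (for instance from a pre-commit hook) to flag saved searches whose sender is not a full address, like the "splunk-s" value reported above. It assumes the sender is set per search as `action.email.from` in savedsearches.conf; the stanza names and addresses in the sample are constructed.

```shell
#!/usr/bin/env bash
# Added example: report saved searches whose action.email.from is not a
# bare user@domain.tld address. Simplification: a display-name form such
# as "Name <user@example.com>" is also reported.

# Constructed sample standing in for a savedsearches.conf tracked in Git.
sample_conf() {
  cat <<'EOF'
[Failed logins]
action.email = 1
action.email.from = splunk-s
action.email.to = soc@example.com

[Disk usage]
action.email = 1
action.email.from = alerts@example.com

[No sender override]
action.email = 1
EOF
}

# check_email_from FILE
# Prints "<stanza>: action.email.from = <value>" for each bad sender and
# returns 1 if any were found, 0 otherwise.
check_email_from() {
  awk '
    /^[ \t]*\[/ {                        # remember the current stanza name
      stanza = $0
      sub(/^[ \t]*\[/, "", stanza); sub(/\][ \t]*$/, "", stanza)
      next
    }
    /^[ \t]*action\.email\.from[ \t]*=/ {
      val = $0
      sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
      if (val !~ /^[^@ \t]+@[^@ \t]+\.[^@ \t]+$/) {
        printf "%s: action.email.from = %s\n", stanza, val
        bad = 1
      }
    }
    END { exit (bad ? 1 : 0) }
  ' "$1"
}

# Demonstration on the constructed sample.
tmp=$(mktemp) && sample_conf > "$tmp"
check_email_from "$tmp" || echo "fix the sender(s) listed above before committing"
rm -f "$tmp"
```

Searches that set no `action.email.from` of their own are not reported, because they take the sender from the global email settings.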