Custom Email From Address for Alerts

griggsy · ‎07-16-2018

Hello,

I have an alert setup that I would like to send to end users however I want to change the from address in the email alert. Are you able to change the from field for specific alerts?

Ta.
Pete.

shivanshu1593 · ‎07-26-2020

For anyone looking how to do this for your report/alert already created:

1. Edit savedsearches.conf on your search head. Find the name of the alert, for which you want to use the new email address to send emails to the recipients and add the following:

action.email.from = your_email_address

action.email.mailserver = your_smtp_server_name

2. Restart Splunkd.

Works like a charm. The best part is that all of your other alerts will still use the default email address, supplied in the server settings of your search head. Hope this helps.

Thank you,
Shiv
###If you found the answer helpful, kindly consider upvoting/accepting it as the answer as it helps other Splunkers find the solutions to similar issues###

renjith_nair · ‎07-16-2018

Hi @griggsy ,

You could change the From email address in Mail Server Settings in Email Settings : http://docs.splunk.com/Documentation/SplunkCloud/7.0.3/Alert/Emailnotification#Configure_email_notif...

If you want to send each mail from a different "from" address, then probably sendemail command or a Configuring scripted alerts might be an option

Happy Splunking!

griggsy · ‎07-16-2018

Thanks, Just seems annoying you can't set the from address per alert.

chrisboy68 · ‎07-24-2020

I know this a bit old, but I agree it would be great to have this open. It could default to the system from or we can default to the alert owner. Managing bounced email for over thousands of email alerts is cumbersome. Sending the bounce back to the alert owner and they can handle it.

Chris

Custom Email From Address for Alerts

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!

Splunk Custom Visualizations App End of Life