- Splunk Answers
- :
- Using Splunk
- :
- Alerting
- :
- Re: Custom Email From Address for Alerts
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Custom Email From Address for Alerts
Hello,
I have an alert setup that I would like to send to end users however I want to change the from address in the email alert. Are you able to change the from field for specific alerts?
Ta.
Pete.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
For anyone looking how to do this for your report/alert already created:
1. Edit savedsearches.conf on your search head. Find the name of the alert, for which you want to use the new email address to send emails to the recipients and add the following:
action.email.from = your_email_address
action.email.mailserver = your_smtp_server_name
2. Restart Splunkd.
Works like a charm. The best part is that all of your other alerts will still use the default email address, supplied in the server settings of your search head. Hope this helps.
Shiv
###If you found the answer helpful, kindly consider upvoting/accepting it as the answer as it helps other Splunkers find the solutions to similar issues###
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @griggsy ,
You could change the From email address in Mail Server Settings in Email Settings : http://docs.splunk.com/Documentation/SplunkCloud/7.0.3/Alert/Emailnotification#Configure_email_notif...
If you want to send each mail from a different "from" address, then probably sendemail command or a Configuring scripted alerts might be an option
What goes around comes around. If it helps, hit it with Karma 🙂
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks, Just seems annoying you can't set the from address per alert.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I know this a bit old, but I agree it would be great to have this open. It could default to the system from or we can default to the alert owner. Managing bounced email for over thousands of email alerts is cumbersome. Sending the bounce back to the alert owner and they can handle it.
Chris
Announcing Scheduled Export GA for Dashboard Studio
Extending Observability Content to Splunk Cloud
More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!
