Creating multiple "send email" alert actions?

SewingMachine77 · ‎05-20-2024

I am trying to make email templates for the "send email" alert actions. So far I have edited the "alert_actions.conf" and put that in a new app I created. But what it is doing is just overriding the "send email" alert action and that's not what I want to do. What I want is to have multiple send email actions, Is there a way to not override the base "send email" action?

What I fear is I will have to create a copy of the "sendemail.py" and make a small edit then post that in my app in the bin folder. Then rename it like "sendSREemail.py"

alert_actions.conf:
[email]
label = SRE Email Template
icon_path = mod_alert_icon_email.png
from = xxxxx@xxxx.com
mailserver = xxxxxx.com
pdf.header_left = none
pdf.header_right = none
use_tls = 1
hostname = xxxxxx.com
message.alert = Alert: $name$\
Why am I receiving this alert? (Give a brief description of the alert and why this alert is triggering)\
\
How do I fix it?\
1. Step 1\
2. Step 2\
3. Step 3

Thanks again Splunk community.

richgalloway · ‎05-21-2024

We can't have more than one email action and it has nothing to do with sendemail.py.

Splunk does not allow more than one config file stanza with the same name. If it finds more than one they are merged into a single stanza.

---
If this reply helps you, Karma would be appreciated.

SewingMachine77 · ‎05-21-2024

What if I wanted a different one for each app?

So if I put a alert_actions.conf in each app then each app could have different email parameters right?

richgalloway · ‎05-22-2024

Right. The app context would make a difference.

---
If this reply helps you, Karma would be appreciated.

Creating multiple "send email" alert actions?

Thanks for the Memories! Splunk University, .conf24, and Community Connections

.conf24 | Day 0

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...