Reporting
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Can we configure Splunk to use multiple senders in an email alert?

vumanhtai
Path Finder
‎12-26-2018 01:01 AM

As per my understanding, Splunk can only send an alert from 1 sender that configured in the Email Setting.

I need to know if we can configure Splunk to use multiple senders?

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

renjith_nair
SplunkTrust
SplunkTrust
‎12-26-2018 05:34 AM

@vumanhtai,

You may try using the sendemail command where you can mention the [from=]

sendemail to=<email_list>

[from=<email_list>]
[cc=<email_list>]
[bcc=<email_list>]
[subject=<string>]
[format=csv | table | raw]
[inline= <bool>]
[sendresults=<bool>]
[sendpdf=<bool>]

Or
Try adding them in savedsearches.conf 

action.email.from = <email address>
* Set an email address to use as the sender's address.
* Defaults to splunk@<LOCALHOST> (or whatever is set in alert_actions.conf).
Happy Splunking!

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

renjith_nair
SplunkTrust
SplunkTrust
‎12-26-2018 05:34 AM

@vumanhtai,

You may try using the sendemail command where you can mention the [from=]

sendemail to=<email_list>

[from=<email_list>]
[cc=<email_list>]
[bcc=<email_list>]
[subject=<string>]
[format=csv | table | raw]
[inline= <bool>]
[sendresults=<bool>]
[sendpdf=<bool>]

Or
Try adding them in savedsearches.conf 

action.email.from = <email address>
* Set an email address to use as the sender's address.
* Defaults to splunk@<LOCALHOST> (or whatever is set in alert_actions.conf).
Happy Splunking!
0 Karma
Reply
Solved! Jump to solution

vumanhtai
Path Finder
‎12-26-2018 08:54 PM

I tried using the sendemail command but I didn't see the password entry field for the email sent

0 Karma
Reply
Solved! Jump to solution

renjith_nair
SplunkTrust
SplunkTrust
‎12-26-2018 09:41 PM

Do you mean you want to set the username/password for the server authentication during sendmail ? If yes, then username= and password= should work though they are not mentioned in the doc.

def mail(email, argvals, ssContent, sessionKey):

    sender     = email['From']
    use_ssl    = normalizeBoolean(ssContent.get('action.email.use_ssl', False))
    use_tls    = normalizeBoolean(ssContent.get('action.email.use_tls', False))
    server     = ssContent.get('action.email.mailserver', 'localhost')

    username   = argvals.get('username', '')
    password   = argvals.get('password', '')
Happy Splunking!
0 Karma
Reply
Solved! Jump to solution

vumanhtai
Path Finder
‎01-02-2019 07:17 PM

Hi renjith.nair !
sourcetye=error | stats count by email | sendmail to=....

I want the receiver in "sendmail" is the result of query "stats count by email"
For example:
If we have 3 emails from the "stats count by email"
Then the query "sendmail" will send email to the 3 above emails.

Thanks in advance!

0 Karma
Reply
Solved! Jump to solution

vumanhtai
Path Finder
‎12-26-2018 09:49 PM

oh! thank you so much

0 Karma
Reply
Get Updates on the Splunk Community!

Platform Newsletter Highlights | March 2023

 March 2023 | Check out the latest and greatestIntroducing Splunk Edge Processor, simplified data ...

Enterprise Security Content Updates (ESCU) - New Releases

In the last month, the Splunk Threat Research Team (STRT) has had 3 releases of new content via the Enterprise ...

Thought Leaders are Validating Your Hard Work and Training Rigor

As a Splunk enthusiast and member of the Splunk Community, you are one of thousands who recognize the value of ...