You may try using the sendemail command where you can mention the [from=]
sendemail to=<email_list> [from=<email_list>] [cc=<email_list>] [bcc=<email_list>] [subject=<string>] [format=csv | table | raw] [inline= <bool>] [sendresults=<bool>] [sendpdf=<bool>]
Try adding them in savedsearches.conf
action.email.from = <email address> * Set an email address to use as the sender's address. * Defaults to splunk@<LOCALHOST> (or whatever is set in alert_actions.conf).
I tried using the sendemail command but I didn't see the password entry field for the email sent
Do you mean you want to set the username/password for the server authentication during sendmail ? If yes, then username= and password= should work though they are not mentioned in the doc.
def mail(email, argvals, ssContent, sessionKey): sender = email['From'] use_ssl = normalizeBoolean(ssContent.get('action.email.use_ssl', False)) use_tls = normalizeBoolean(ssContent.get('action.email.use_tls', False)) server = ssContent.get('action.email.mailserver', 'localhost') username = argvals.get('username', '') password = argvals.get('password', '')
Hi renjith.nair !
sourcetye=error | stats count by email | sendmail to=....
I want the receiver in "sendmail" is the result of query "stats count by email"
If we have 3 emails from the "stats count by email"
Then the query "sendmail" will send email to the 3 above emails.
Thanks in advance!