
How to edit the "From" address field for email notifications at Splunk Cloud?

Alan_Chan
Explorer

We received all alerts from Splunk Cloud with sender alerts@splunkcloud.com.

Can we change the sender to another domain? E.g. xxx@xxx.abc

Do we need to raise a support ticket to have a change request on it?

 

0 Karma

livehybrid
Influencer

Hi @Alan_Chan 

The short answer is No.

It is not possible to change the sender address of emails in Splunk Cloud using native functionality.

Regarding the "Send email as" setting in Server Settings -> Email Settings, the docs state:

"This value is set by your Splunk Cloud Platform implementation and cannot be changed. Entering a value in this field has no effect."

https://docs.splunk.com/Documentation/Splunk/9.3.2/Alert/Emailnotification#Steps_for_Splunk_Cloud_Pl....

Even if you could change this, the emails are sent from Splunk's email provider and would not match the anti-spam configurations of your own domain, thus mail relays would likely block it anyway.

Depending on the type of emails you wanted to send (e.g. Alerts rather than PDF reports), you could look at other options like using AWS SNS or something like an Office 365 / Azure Alert action to send using your O365 creds. However, I believe output SMTP from SplunkCloud is blocked, so you would need to use something with an API call, and you could not substitute this for all email sending actions from Splunk Cloud.

Sorry it wasn't the answer you were looking for, but hopefully this helps you avoid going down other rabbit-holes!

Please let me know how you get on and consider adding karma to this or any other answer if it has helped.
Regards

Will

0 Karma
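
The point above about mail relays blocking a rewritten sender, as an added example (not part of the original answer and not Splunk code): a simplified DMARC alignment check in Python, assuming the domain in the From header publishes a DMARC policy. All domains are constructed placeholders, and the two-label organizational-domain rule is an approximation of the Public Suffix List lookup real receivers use.

```python
# Added illustration: simplified DMARC identifier alignment (RFC 7489).
# Every domain here is a constructed placeholder, not a real sending domain.

def org_domain(domain: str) -> str:
    """Approximate the organizational domain as the last two labels.
    Assumption: real receivers consult the Public Suffix List instead."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(header_from: str, auth_domain: str, strict: bool = False) -> bool:
    """Relaxed mode compares organizational domains; strict needs an exact match."""
    a, b = header_from.lower().rstrip("."), auth_domain.lower().rstrip(".")
    return a == b if strict else org_domain(a) == org_domain(b)

def dmarc_pass(msg: dict, strict: bool = False) -> bool:
    """DMARC passes when SPF or DKIM both passes AND aligns with the From domain."""
    spf_ok = msg["spf_pass"] and aligned(msg["header_from"], msg["mail_from"], strict)
    dkim_ok = msg["dkim_pass"] and aligned(msg["header_from"], msg["dkim_d"], strict)
    return spf_ok or dkim_ok

# Constructed samples: what a receiving relay sees for each sending path.
VENDOR_DEFAULT = {   # vendor's own From address, vendor's mail provider
    "header_from": "saas-vendor.example",
    "mail_from": "bounce.saas-vendor.example", "spf_pass": True,
    "dkim_d": "saas-vendor.example", "dkim_pass": True,
}
REWRITTEN_FROM = {   # From changed to your domain, still sent by the vendor's provider
    **VENDOR_DEFAULT, "header_from": "corp.example",
}
OWN_API_SENDER = {   # sent through a mail service authorised for your domain
    "header_from": "corp.example",
    "mail_from": "mail.corp.example", "spf_pass": True,
    "dkim_d": "corp.example", "dkim_pass": True,
}

def evaluate_all() -> dict:
    samples = {"vendor_default": VENDOR_DEFAULT,
               "rewritten_from": REWRITTEN_FROM,
               "own_api_sender": OWN_API_SENDER}
    return {name: dmarc_pass(m) for name, m in samples.items()}

if __name__ == "__main__":
    for name, ok in evaluate_all().items():
        print(f"{name:15} DMARC {'pass' if ok else 'fail'}")
```

In the rewritten-From case SPF and DKIM both still pass for the vendor's domains, but neither aligns with the From domain, so the message fails DMARC.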

kiran_panchavat
Influencer

@Alan_Chan 

You could change the From email address in Mail Server Settings in Email Settings: https://docs.splunk.com/Documentation/SplunkCloud/latest/Alert/Emailnotification

If you want to send each mail from a different "from" address, then probably use the sendemail command: https://docs.splunk.com/Documentation/SplunkCloud/9.3.2411/SearchReference/Sendemail

  • First, check if you can modify the "Send emails as" field under Email Settings in your Splunk Cloud instance. If you can’t, or if the change doesn’t take effect (e.g., due to domain restrictions), then yes, you should raise a support ticket.

Refer:

https://docs.splunk.com/Documentation/SplunkCloud/latest/Alert/Emailnotification#Steps_for_Splunk_Cl...

 https://community.splunk.com/t5/Splunk-Enterprise-Security/How-to-change-the-quot-From-quot-address-... 

I hope this helps. If any reply helps you, you could add your upvote/karma points to that reply. Thanks.
0 Karma

livehybrid
Influencer

@kiran_panchavat Re setting the sender field, the doc you have linked to states:

"This value is set by your Splunk Cloud Platform implementation and cannot be changed. Entering a value in this field has no effect."

 

0 Karma