I know this is a commonly asked question due to its complexity, but I cannot figure out how to get emails to send via Splunk alert.
I created a simple search to find a specific string and created an alert with the following:
App: Search
Permissions: Private. Owned by admin.
Alert Type: Real-Time
Trigger Condition: Per-Result
Actions: Send email / Add to Triggered Alerts
I see it being triggered, but it never sends the email. I've tried sending it to two different email addresses. One to my work email, and another to my phone as a text (phoneNumber@mms.att.net) and neither of them work. The trigger appears in the list though.
I have tried multiple mail hosts in the configuration, but the current one is the default that appeared when I opened it: smtp-mail.outlook.com:587
Email security: I have tried all three options
No user/pass currently configured
Allowed Domains: mms.att.net
Send Emails As: SplunkAlert@test.edu
I've been sifting through the Splunk documentation for hours now and can't seem to get it right. Any ideas?
Thanks
Greetings for the day!!
I thought there might be a login issue.
The mail ID which you are giving should not have two-factor authentication enabled;
in that case Splunk is unable to log in to your mail ID to send the alerts to the specified recipients.
Check whether two-factor authentication is disabled or not.
If it is mandatory and you cannot disable it, then you have another option: create an app password for the login, and use that password instead of the original password.
Thank you.
Have you configured Splunk to use a valid SMTP server? Most companies have their own. A "public" one such as outlook.com should require credentials.
Have you checked splunkd.log for errors? Look for "sendemail". It should be accompanied by a message explaining why Splunk could not send the message. If there is no error then the email was dropped by the provider and you should work with your email admin.
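The two checks suggested in this thread (inspect the SMTP settings, then read splunkd.log for "sendemail" errors) done offline, as an added example that is not code from the thread or from Splunk. The [email] stanza and the log lines are constructed; the option names (mailserver, use_tls, auth_username, from, allowedDomainList) are Splunk's own alert_actions.conf settings, and the recipient list is an assumption.

```python
"""Offline triage for a Splunk "Send email" alert action (added example; the
sample config and log lines are constructed, option names are Splunk's)."""
import configparser
import re

# Constructed [email] stanza mirroring the poster's settings.
ALERT_ACTIONS_CONF = """
[email]
mailserver = smtp-mail.outlook.com:587
use_tls = 0
auth_username =
from = SplunkAlert@test.edu
allowedDomainList = mms.att.net
"""

# Constructed splunkd.log excerpt in Splunk's timestamp/level/component layout.
SPLUNKD_LOG = """\
01-02-2024 10:00:01.000 -0500 INFO  SavedSplunker - alert_actions="email", sid="rt_1"
01-02-2024 10:00:02.000 -0500 ERROR sendemail:120 - Error sending mail: (530, b'5.7.57 Client was not authenticated')
"""

SENDEMAIL_ERR = re.compile(r"^(?P<ts>\S+ \S+ \S+) ERROR\s+sendemail\S* - (?P<msg>.*)$")


def sendemail_errors(log_text):
    """Return (timestamp, message) for each ERROR line written by the sendemail action."""
    return [(m["ts"], m["msg"]) for m in map(SENDEMAIL_ERR.match, log_text.splitlines()) if m]


def check_email_config(conf_text, recipients):
    """Flag [email] settings that make the action fail without a visible error in the UI."""
    cp = configparser.ConfigParser(interpolation=None, allow_no_value=True)
    cp.read_string(conf_text)
    email = cp["email"]
    host, _, port = email.get("mailserver", "").partition(":")
    findings = []
    if port == "587" and email.get("use_tls", "0") != "1":
        findings.append("port 587 but use_tls is not 1: the server will expect STARTTLS")
    if not email.get("auth_username", "").strip():
        findings.append(f"no SMTP credentials: a public relay such as {host} refuses anonymous mail")
    # allowedDomainList restricts *recipient* domains; other recipients are dropped by Splunk itself
    allowed = {d.strip().lower() for d in email.get("allowedDomainList", "").split(",") if d.strip()}
    for rcpt in recipients:
        if allowed and rcpt.rsplit("@", 1)[-1].lower() not in allowed:
            findings.append(f"recipient {rcpt} is not in allowedDomainList {sorted(allowed)}")
    return findings
```

Run `check_email_config(ALERT_ACTIONS_CONF, [...])` against your own stanza and recipients, and `sendemail_errors(open(".../var/log/splunk/splunkd.log").read())` against the real log; an empty error list with no findings points at the mail provider side, as the reply above says.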