Reporting
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Is there a way to send email notifications to all members of an Active Directory group at once?

mawomommoh
Path Finder
‎05-24-2018 01:55 AM

When setting up an alert, for 'Send email' Trigger actions, is there a way to send emails to all members of an Active Directory group at once when filling out the 'To' field? Must I manually enter emails into the 'To' field or there is a way to setup sending to a list of emails?

alt text

Preview file
48 KB
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

xpac
SplunkTrust
SplunkTrust
‎05-24-2018 02:02 AM

Such a feature must be implemented on the mail server - Splunk simply sends the alert to wherever it's told to.
You should therefore check with your AD/Exchange admin - I know such groups/mailboxes can be setup, because we send to such a group. 😉

Hope that helps!

View solution in original post

Reply
Solved! Jump to solution
Solution

xpac
SplunkTrust
SplunkTrust
‎05-24-2018 02:02 AM

Such a feature must be implemented on the mail server - Splunk simply sends the alert to wherever it's told to.
You should therefore check with your AD/Exchange admin - I know such groups/mailboxes can be setup, because we send to such a group. 😉

Hope that helps!

Reply
Solved! Jump to solution

mawomommoh
Path Finder
‎05-27-2018 10:54 PM

Thanks for the feedback @xpac . So from what you stated I presume the 'TO' field will contain the address of the AD group. I know Splunk has 'Email settings'. Do you know if any configurations are to be made there or it's mainly to be setup from the AD/Exchange side of things?

0 Karma
Reply
Solved! Jump to solution

xpac
SplunkTrust
SplunkTrust
‎05-28-2018 12:40 AM

It's only the AD/Exchange side. Mail (SMTP) is a pretty simple protocol (some would say stupid ;-)).
So, the sending side knows literally nothing about the receiver, if it's a single user, a group, a mailbox, if it exists - it just takes the mail, contacts the mailserver for @yourdomain.tld and says "Here, deal with this mail". So - have your AD/Exchange people set up a distribution list, tell Splunk to send the mail to whatever email address your AD/Exchange people give you, and you're good.

0 Karma
Reply
Solved! Jump to solution

mawomommoh
Path Finder
‎05-29-2018 12:55 AM

Great! Thanks for the insightful explanation. Much appreciated. 🙂

0 Karma
Reply
Get Updates on the Splunk Community!

Stay Connected: Your Guide to July Tech Talks, Office Hours, and Webinars!

What are Community Office Hours?Community Office Hours is an interactive 60-minute Zoom series where ...

Updated Data Type Articles, Anniversary Celebrations, and More on Splunk Lantern

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

A Prelude to .conf25: Your Guide to Splunk University

Heading to Boston this September for .conf25? Get a jumpstart by arriving a few days early for Splunk ...