Reporting

Is there a way to send email notifications to all members of an Active Directory group at once?

mawomommoh
Path Finder

When setting up an alert, for 'Send email' Trigger actions, is there a way to send emails to all members of an Active Directory group at once when filling out the 'To' field? Must I manually enter emails into the 'To' field or there is a way to setup sending to a list of emails?

alt text

0 Karma
1 Solution

xpac
SplunkTrust
SplunkTrust

Such a feature must be implemented on the mail server - Splunk simply sends the alert to wherever it's told to.
You should therefore check with your AD/Exchange admin - I know such groups/mailboxes can be setup, because we send to such a group. 😉

Hope that helps!

View solution in original post

xpac
SplunkTrust
SplunkTrust

Such a feature must be implemented on the mail server - Splunk simply sends the alert to wherever it's told to.
You should therefore check with your AD/Exchange admin - I know such groups/mailboxes can be setup, because we send to such a group. 😉

Hope that helps!

mawomommoh
Path Finder

Thanks for the feedback @xpac . So from what you stated I presume the 'TO' field will contain the address of the AD group. I know Splunk has 'Email settings'. Do you know if any configurations are to be made there or it's mainly to be setup from the AD/Exchange side of things?

0 Karma

xpac
SplunkTrust
SplunkTrust

It's only the AD/Exchange side. Mail (SMTP) is a pretty simple protocol (some would say stupid ;-)).
So, the sending side knows literally nothing about the receiver, if it's a single user, a group, a mailbox, if it exists - it just takes the mail, contacts the mailserver for @yourdomain.tld and says "Here, deal with this mail". So - have your AD/Exchange people set up a distribution list, tell Splunk to send the mail to whatever email address your AD/Exchange people give you, and you're good.

0 Karma

mawomommoh
Path Finder

Great! Thanks for the insightful explanation. Much appreciated. 🙂

0 Karma
Get Updates on the Splunk Community!

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI!Discover how Splunk’s agentic AI ...

🔐 Trust at Every Hop: How mTLS in Splunk Enterprise 10.0 Makes Security Simpler

From Idea to Implementation: Why Splunk Built mTLS into Splunk Enterprise 10.0  mTLS wasn’t just a checkbox ...