Reporting

Step by Step to receive email alerts on Splunk

royimad
Builder

How do i configure Splunk so i will be able to receive email alerts from other servers?
Is there any step by step procedure that i should follow. I have Splunk on Linux machine and never did that before.

Thanks,

1 Solution

royimad
Builder

I have used

IMAP App

to receive email on Splunk and connect to exchange server.

View solution in original post

0 Karma

royimad
Builder

I have used

IMAP App

to receive email on Splunk and connect to exchange server.

0 Karma

jpass
Contributor

A while ago I did something similar but not related to Splunk. But the idea is the same.

A script is scheduled to run on the interval of your choice via chron. It retrieves e-mails and saves them out as a text file or whatever. I used PERL and the IMAP client MUTT. (http://www.mutt.org)

  1. install command line email client (Mutt)
  2. write a script (perl,python,bash etc.) that connects, retrieves messages and saves them out as a text file locally to a folder that Splunk has access to.
  3. In splunk create input that watches that folder

-j

0 Karma

royimad
Builder

Still doesn't know how to receive email on splunk ?! Anyidea or steps

0 Karma

royimad
Builder

Still doesn't know how to receive email on splunk ?! Anyidea or steps

0 Karma

jpass
Contributor

If by 'another server' you mean a remote mailserver it's pretty easy.

  1. Go to 'admin' and click 'system settings'
  2. Next click 'email alert settings'
  3. Set the appropriate values for your email host, username etc
  4. Set the link host so urls in the emails link back to the splunk alert correctly...ie..your splunk server host name
  5. Run a search & create an alert
  6. In the alert settings give it your email address

You can also use the 'sendemail' command which you would append to the end of your saved search along with the server settings. This method is not so much an 'alert' though and you don't have access to the alert settings as far as I know.

Example:

sourcetype=blah "keyword" | sendmail to="youremail@..." server="192.168.." etc. etc.

jpass
Contributor

ahh my bad. I read too quickly.

0 Karma

royimad
Builder

This is how you send email from splunk and alert , what i need is receiving email on splunk and index the data received

0 Karma

saurabh_tek
Communicator

for this purpose we have IMAP app.

0 Karma
Get Updates on the Splunk Community!

Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud

Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud  In today’s fast-paced digital ...

Observability protocols to know about

Observability protocols define the specifications or formats for collecting, encoding, transporting, and ...

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...