Splunk Enterprise

Using Office365 SMTP for sending alert emails with SPLUNK

Maxime
Loves-to-Learn

Hello,

I have recently started working with SPLUNK Enterprise and I would like to use it as a SIEM for my network. I have successfully integrated data into SPLUNK from my server and created an alert if certain conditions are met.

In order to send an email when an alert is triggered, I created an SMTP connector using the "Exchange Admin Center". I then configured the mail server on SPLUNK, but when an alert is created on SPLUNK, I do not receive any emails.

I am wondering if the issue is with the connector I created or if it could be something else. What is the procedure to create an SMTP connector and ensure that the email can be sent from SPLUNK?

Thank you for reading.


deepakc
Builder

You need to follow these steps (it's a basic SMTP connection) for alerts on Splunk Cloud or on-premises.

https://docs.splunk.com/Documentation/Splunk/9.2.1/Alert/Emailnotification 

There are not that many settings for this in Splunk, so it should work provided your SMTP / email server allows it. We point to an SMTP server as per the config above.

If it's not working and you feel you have set it up according to the Splunk docs, I would look at your "Exchange Admin Center" and consult the admin to ensure Splunk can send to the SMTP server.

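As an added example (not part of the original thread and not Splunk's own code): the two ways Office 365 accepts mail from an application are easy to mix up, and the symptom of mixing them up is exactly "no email arrives". SMTP AUTH client submission uses smtp.office365.com on port 587 with STARTTLS and a mailbox login; a connector created in the Exchange Admin Center is an anonymous relay through the tenant's MX endpoint (a *.mail.protection.outlook.com host) on port 25, authorised by the sending server's public IP. The script below parses the `[email]` stanza that Splunk writes to `alert_actions.conf` when you fill in Settings > Server settings > Email settings, and reports which of those rules the stanza breaks. The sample stanzas, the mailbox name and the password placeholder are constructed for illustration; `smtp_probe` is a live reachability check that needs network access from the Splunk host and is not exercised offline.

```python
"""Lint a Splunk alert_actions.conf [email] stanza for Office 365 delivery."""
import configparser
import smtplib
import ssl
from typing import Dict, List, Tuple

# Constructed sample (not from the original post): the shape of
# $SPLUNK_HOME/etc/system/local/alert_actions.conf after the Email settings
# page is filled in.  It points at the client-submission endpoint but leaves
# TLS off and no credentials, so Office 365 rejects the session.
SAMPLE_CONF = """\
[email]
mailserver = smtp.office365.com
use_tls = 0
use_ssl = 0
auth_username =
auth_password =
from = splunk-alerts@example.com
"""

# Constructed corrected stanza for SMTP AUTH client submission (assumed mailbox).
FIXED_CONF = """\
[email]
mailserver = smtp.office365.com:587
use_tls = 1
use_ssl = 0
auth_username = splunk-alerts@example.com
auth_password = <mailbox password or app password>
from = splunk-alerts@example.com
"""


def parse_email_stanza(conf_text: str) -> Dict[str, str]:
    """Return the [email] stanza as a dict (keys lowercased, values stripped)."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    if not cp.has_section("email"):
        return {}
    return {key: value.strip() for key, value in cp.items("email")}


def split_mailserver(value: str) -> Tuple[str, int]:
    """Splunk accepts 'host' or 'host:port'; the port defaults to 25 when omitted."""
    host, sep, port = value.partition(":")
    return host.strip().lower(), (int(port) if sep else 25)


def lint_email_stanza(settings: Dict[str, str]) -> List[str]:
    """Flag settings that will not deliver through Office 365 / Exchange Online."""
    findings: List[str] = []
    host, port = split_mailserver(settings.get("mailserver", "localhost"))
    use_tls = settings.get("use_tls", "0") == "1"
    use_ssl = settings.get("use_ssl", "0") == "1"
    user = settings.get("auth_username", "")
    password = settings.get("auth_password", "")
    sender = settings.get("from", "")

    if host in ("", "localhost"):
        findings.append("mailserver still points at localhost: nothing there relays to Office 365")
    if use_tls and use_ssl:
        findings.append("use_tls and use_ssl are both set: STARTTLS (use_tls) is for 587, implicit TLS (use_ssl) for 465")
    if user and not password:
        findings.append("auth_username is set but auth_password is empty")

    if host == "smtp.office365.com":
        # SMTP AUTH client submission: port 587, STARTTLS, and a real mailbox login.
        if port != 587:
            findings.append(f"smtp.office365.com expects port 587, got {port}")
        if not use_tls:
            findings.append("smtp.office365.com requires STARTTLS: set use_tls = 1")
        if not user or not password:
            findings.append("smtp.office365.com requires SMTP AUTH: set auth_username/auth_password to the sending mailbox")
        elif sender and sender.lower() != user.lower():
            findings.append("from differs from auth_username: that mailbox needs Send As rights on the from address")
    elif host.endswith(".mail.protection.outlook.com"):
        # Exchange Admin Center connector relay: anonymous, port 25, authorised by
        # the public IP of the Splunk host as configured on the inbound connector.
        if port != 25:
            findings.append(f"{host} (connector relay) expects port 25, got {port}")
        if user or password:
            findings.append("connector relay is unauthenticated: clear auth_username/auth_password")
        findings.append("note: the Splunk host's public IP must be listed on the Exchange inbound connector")
    return findings


def smtp_probe(host: str, port: int, timeout: float = 10.0) -> Dict[str, bool]:
    """Live check (needs network, run from the Splunk host): can we connect,
    EHLO, and negotiate STARTTLS?  Returns which steps succeeded."""
    result = {"connect": False, "ehlo": False, "starttls": False}
    try:
        with smtplib.SMTP(host, port, timeout=timeout) as smtp:
            result["connect"] = True
            smtp.ehlo()
            result["ehlo"] = True
            if smtp.has_extn("starttls"):
                smtp.starttls(context=ssl.create_default_context())
                smtp.ehlo()
                result["starttls"] = True
    except (OSError, smtplib.SMTPException):
        pass
    return result


if __name__ == "__main__":
    for label, conf in (("as posted", SAMPLE_CONF), ("corrected", FIXED_CONF)):
        problems = lint_email_stanza(parse_email_stanza(conf))
        print(f"{label}: {'OK' if not problems else ''}")
        for problem in problems:
            print("  -", problem)
```

Run the lint first; if the stanza is clean, run `smtp_probe` from the Splunk host against the same host and port, because a firewall between Splunk and Office 365 (or an Exchange connector that does not list the Splunk host's public IP) produces the same silent failure as a bad stanza.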