Splunk Enterprise

Using Office365 SMTP for sending alert emails with SPLUNK

Maxime
Loves-to-Learn

Hello,

I have recently started working with SPLUNK Enterprise and I would like to use it as a SIEM for my network. I have successfully integrated data into SPLUNK from my server and created an alert if certain conditions are met.

In order to send an email when an alert is triggered, I created an SMTP connector using the "Exchange Admin Center". I then configured the mail server on SPLUNK, but when an alert is created on SPLUNK, I do not receive any emails.

I am wondering if the issue is with the connector I created or if it could be something else. What is the procedure to create an SMTP connector and ensure that the email can be sent from SPLUNK?

Thank you for reading.


deepakc
Builder

You need to follow these steps (it's a basic SMTP connection) for alerts on Splunk Cloud or on-premises.

https://docs.splunk.com/Documentation/Splunk/9.2.1/Alert/Emailnotification

There are not that many settings for this in Splunk, so it should work provided your SMTP / email server allows for it. We point to an SMTP server as per the config above.

If it's not working and you feel you have set it up according to the Splunk docs, I would look at your "Exchange Admin Centre" and consult the Admin to ensure Splunk can send to the SMTP server.

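Added diagnostic to go with the answer above; it is not code from the original post or from Splunk. Two things are worth checking before blaming the Exchange connector. A connector in the Exchange Admin Center is what Microsoft's "SMTP relay" option uses (port 25 to the tenant's MX endpoint, unauthenticated, restricted by source IP or certificate). Pointing Splunk at smtp.office365.com on port 587 with a mailbox username and password is the separate "SMTP AUTH client submission" option, which needs SMTP AUTH enabled for that mailbox or tenant; when it is disabled the login step is refused with a 535 response and no mail leaves. The script below reads the same `[email]` stanza Splunk stores in `alert_actions.conf`, then walks the submission steps in the order Splunk's sendemail action performs them (connect, EHLO, STARTTLS, AUTH, send) and reports the first stage that fails, so you can tell a firewall problem from a TLS problem from an auth problem. The stanza contents, hostnames, credentials and addresses are placeholders, and `FakeSMTP` is a constructed stand-in so the probe can be exercised offline; run it from the Splunk host with the real `smtplib.SMTP` to test the actual path.

```python
"""Stage-by-stage SMTP submission check for Splunk's [email] alert action.

Added diagnostic (not Splunk's own code). Reproduces the steps the sendemail
action performs against the settings in alert_actions.conf and returns the
first stage that fails. All names, credentials and addresses are placeholders.
"""
import configparser
import smtplib
import ssl
from email.message import EmailMessage

# Constructed sample of the [email] stanza Splunk writes to
# $SPLUNK_HOME/etc/system/local/alert_actions.conf when the mail server is
# set in Settings > Server settings > Email settings (assumed values).
SAMPLE_ALERT_ACTIONS_CONF = """\
[email]
mailserver = smtp.office365.com:587
use_tls = 1
use_ssl = 0
auth_username = splunk-alerts@example.com
auth_password = placeholder-password
from = splunk-alerts@example.com
"""


def load_email_settings(conf_text):
    """Parse the [email] stanza into host, port, TLS flags and credentials."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    s = cp["email"]
    host, _, port = s.get("mailserver", "localhost").partition(":")
    return {
        "host": host,
        "port": int(port) if port else 25,  # SMTP default when no port is given
        "use_tls": s.get("use_tls", "0") == "1",
        "use_ssl": s.get("use_ssl", "0") == "1",
        "username": s.get("auth_username", ""),
        "password": s.get("auth_password", ""),
        "sender": s.get("from", "splunk"),
    }


def smtp_probe(settings, recipient, smtp_factory=smtplib.SMTP,
               smtp_ssl_factory=smtplib.SMTP_SSL):
    """Walk connect -> EHLO -> STARTTLS -> AUTH -> send.

    Returns ("done", None) on success, otherwise (stage_that_failed, error).
    """
    stage = "connect"
    try:
        if settings["use_ssl"]:  # implicit TLS (use_ssl=1), typically port 465
            conn = smtp_ssl_factory(settings["host"], settings["port"], timeout=15,
                                    context=ssl.create_default_context())
        else:
            conn = smtp_factory(settings["host"], settings["port"], timeout=15)
        stage = "ehlo"
        conn.ehlo()
        if settings["use_tls"] and not settings["use_ssl"]:  # STARTTLS (use_tls=1)
            stage = "starttls"
            conn.starttls(context=ssl.create_default_context())
            conn.ehlo()
        if settings["username"]:
            stage = "auth"
            conn.login(settings["username"], settings["password"])
        stage = "send"
        msg = EmailMessage()
        msg["From"] = settings["sender"]
        msg["To"] = recipient
        msg["Subject"] = "Splunk SMTP probe"
        msg.set_content("Test message from the Splunk SMTP probe.")
        conn.send_message(msg)
        conn.quit()
        return "done", None
    except (smtplib.SMTPException, OSError) as exc:
        return stage, f"{type(exc).__name__}: {exc}"


class FakeSMTP:
    """Constructed stand-in for smtplib.SMTP used to run the probe offline.

    Accepts STARTTLS but refuses AUTH with a 535, the shape of response a
    tenant or mailbox with SMTP AUTH disabled returns (text is representative).
    """
    auth_ok = False

    def __init__(self, host, port, timeout=None):
        self.host, self.port = host, port

    def ehlo(self):
        return 250, b"ok"

    def starttls(self, context=None):
        return 220, b"ready"

    def login(self, user, password):
        if not self.auth_ok:
            raise smtplib.SMTPAuthenticationError(
                535, b"5.7.139 Authentication unsuccessful, SMTP AUTH is disabled")
        return 235, b"authenticated"

    def send_message(self, msg):
        return {}  # no refused recipients

    def quit(self):
        return 221, b"bye"


class FakeSMTPAuthOK(FakeSMTP):
    """Same stand-in with SMTP AUTH enabled, so the probe reaches 'done'."""
    auth_ok = True


if __name__ == "__main__":
    settings = load_email_settings(SAMPLE_ALERT_ACTIONS_CONF)
    # Offline demonstration; drop smtp_factory= to test the real server.
    print(smtp_probe(settings, "secops@example.com", smtp_factory=FakeSMTP))
```

Run it on the Splunk host as the user the splunkd process runs as, with `smtp_factory` left at its default so it really talks to smtp.office365.com:587. A failure at `connect` means the host cannot reach port 587 (firewall or egress filtering); at `starttls` a TLS or certificate problem; at `auth` the mailbox credentials or SMTP AUTH policy; at `send` a sender or recipient restriction on the Exchange side. If the probe reports `done` but Splunk still sends nothing, the problem is on the Splunk side (check the `python.log` and `splunkd.log` sendemail entries), not the mail server.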