I have configured alert_actions.conf in $SPLUNK_HOME/etc/system/local/ but some alerts are still using “localhost” and not being received. I have configured that there are no other alert_actions...
Hello,
I have been provided an Exchange account, which I configured in alert_actions.conf (via web console).
No ssl, no tls.
I can send an email with sendemail.
However, when I a s...
Hi Fellow Splunkers, I have an issue with triggered alerts failing to send email with authentication error (I use smtp). I found out that alert_actions.conf was mysteriously created under S...
I've got an app called configuration. This app pushes authentication, outputs, and web conf files successfully to the 3 search heads. However alert_actions.conf, when deployed with the deployer i...
I have an alert_actions.conf file that is pushed out to our search heads via deployment server. All of the settings (hostname, mailserver, from) are being ignored when in the app context. If I move t...
I'm trying to get an app Splunkbase certified and am getting kickback on an API Key being stored in alert_actions.conf after user setup.
What is the Splunk suggested approach for this c...
Hi Forum,
I'm currently trying out to save search results in a csv file. Could you help me to find out which tokens are allowed in alert_actions.conf?
I found https://docs.splunk.com/D...
I'm setting up Slack alerts and would like to deploy uniformly to our heavy forwarders. To do so, I'd have to add a placeholder to their alert_actions.conf
[slack]
disabled = 0
param.from_user...
I created an App, and deployed it with alert_actions.conf to Search Heads.
When I tried to set up an alert on a Search Head by the below procedures, Send email icon was not shown properly.
[P...
How can we resolve some errors when restarting splunkd on our Splunk ES search-head?:
Invalid key in stanza [sendtoplaybook] in /opt/splunk/etc/apps/TA-threatconnect/default/alert_actions.conf, l...