Reporting
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Can we configure Splunk to use multiple senders in an email alert?

vumanhtai
Path Finder
‎12-26-2018 01:01 AM

As per my understanding, Splunk can only send an alert from 1 sender that configured in the Email Setting.

I need to know if we can configure Splunk to use multiple senders?

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

renjith_nair
Legend
‎12-26-2018 05:34 AM

@vumanhtai,

You may try using the sendemail command where you can mention the [from=]

sendemail to=<email_list>

[from=<email_list>]
[cc=<email_list>]
[bcc=<email_list>]
[subject=<string>]
[format=csv | table | raw]
[inline= <bool>]
[sendresults=<bool>]
[sendpdf=<bool>]

Or
Try adding them in savedsearches.conf 

action.email.from = <email address>
* Set an email address to use as the sender's address.
* Defaults to splunk@<LOCALHOST> (or whatever is set in alert_actions.conf).
---
What goes around comes around. If it helps, hit it with Karma 🙂

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

renjith_nair
Legend
‎12-26-2018 05:34 AM

@vumanhtai,

You may try using the sendemail command where you can mention the [from=]

sendemail to=<email_list>

[from=<email_list>]
[cc=<email_list>]
[bcc=<email_list>]
[subject=<string>]
[format=csv | table | raw]
[inline= <bool>]
[sendresults=<bool>]
[sendpdf=<bool>]

Or
Try adding them in savedsearches.conf 

action.email.from = <email address>
* Set an email address to use as the sender's address.
* Defaults to splunk@<LOCALHOST> (or whatever is set in alert_actions.conf).
---
What goes around comes around. If it helps, hit it with Karma 🙂
0 Karma
Reply
Solved! Jump to solution

vumanhtai
Path Finder
‎12-26-2018 08:54 PM

I tried using the sendemail command but I didn't see the password entry field for the email sent

0 Karma
Reply
Solved! Jump to solution

renjith_nair
Legend
‎12-26-2018 09:41 PM

Do you mean you want to set the username/password for the server authentication during sendmail ? If yes, then username= and password= should work though they are not mentioned in the doc.

def mail(email, argvals, ssContent, sessionKey):

    sender     = email['From']
    use_ssl    = normalizeBoolean(ssContent.get('action.email.use_ssl', False))
    use_tls    = normalizeBoolean(ssContent.get('action.email.use_tls', False))
    server     = ssContent.get('action.email.mailserver', 'localhost')

    username   = argvals.get('username', '')
    password   = argvals.get('password', '')
---
What goes around comes around. If it helps, hit it with Karma 🙂
0 Karma
Reply
Solved! Jump to solution

vumanhtai
Path Finder
‎01-02-2019 07:17 PM

Hi renjith.nair !
sourcetye=error | stats count by email | sendmail to=....

I want the receiver in "sendmail" is the result of query "stats count by email"
For example:
If we have 3 emails from the "stats count by email"
Then the query "sendmail" will send email to the 3 above emails.

Thanks in advance!

0 Karma
Reply
Solved! Jump to solution

vumanhtai
Path Finder
‎12-26-2018 09:49 PM

oh! thank you so much

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk App Dev Community Updates – What’s New and What’s Next

Welcome to your go-to roundup of everything happening in the Splunk App Dev Community! Whether you're building ...

The Latest Cisco Integrations With Splunk Platform!

Join us for an exciting tech talk where we’ll explore the latest integrations in Cisco &#43; Splunk! We’ve ...

Enterprise Security Content Update (ESCU) | New Releases

In April, the Splunk Threat Research Team had 2 releases of new security content via the Enterprise Security ...