- Splunk Answers
- :
- Using Splunk
- :
- Reporting
- :
- How to send Splunk email alerts through AWS SES
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How to send Splunk email alerts through AWS SES
Hi,
I am working on ubuntu servers on AWS and wants to use SES functionality of AWS to send splunk email alerts, is this possible?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Update to the answer of Philipp Schneider:
The Link hostname is NOT your external IP of the splunkserver, but the internal IP! Because if you're enable the PDF Server for Linux to schedule PDF reports, you will not be able to generate PDF's with your external IP!
Cheers
Selim
System Administrator, Junior - Cloud Development
coresystems ag
Villa im Park | Dorfstrasse 69
5210 Windisch | Switzerland
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Amazon now offers SMTP Server with their AWS SES service.
We got it working now.
Here is how you do it:
go to amazon and set the SMTP incl. one user up. (see Amazon doc)
In Splunk:
Mail host: (choose the one amazon tells you)
email-smtp.us-east-1.amazonaws.com:465
Security: Enable SSL
UserName: amazon crypto username
Pass: abc
Link hostname: your external IP of the splunkserver
send emails as: the verfied Email adress
That setup worked for us
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
philippschneider's answer worked with a minor change - instead of enable SSL, I had to use Enable TLS.
Mail host: email-smtp.us-east-1.amazonaws.com (no port mentioned)
Enable TLS
Username: SESUSERNAME
Password: SESPASSWORD
send email as: verified email address
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks, the "No Port" comment prevented me from ripping out the little hair I have left 😉
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I'd say "sure, it's possible -- if you're willing to write some code to do it". The default Splunk "send email" action uses plain old SMTP under the covers. You could modify $SPLUNK_HOME/etc/apps/search/bin/sendemail.py to use the Amazon SES API. These changes could get overlaid during an upgrade and would probably not be supported by Splunk support.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This really isn't in an area of publicly documented Splunk. You're changing what is basically an exposed implementation detail. If you don't know python, your job probably just got a little harder. The documentation for the sendemail command ( http://www.splunk.com/base/Documentation/latest/SearchReference/Sendemail ) might help you, as well as the documentation around alert_actions.conf ( http://www.splunk.com/base/Documentation/latest/Admin/Alertactionsconf ). There's also an article at Amazon ( http://aws.amazon.com/articles/2405502737055650 ) that provides an example of SES in python.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It'll be great if you can throw some light on this as i am not familiar with python scripts.Any documentation link for this?
Extending Observability Content to Splunk Cloud
More Control Over Your Monitoring Costs with Archived Metrics!
New in Observability Cloud - Explicit Bucket Histograms
