Hi,
I am working on Ubuntu servers on AWS and want to use the SES functionality of AWS to send Splunk email alerts. Is this possible?
Update to the answer of Philipp Schneider:
The Link hostname is NOT the external IP of your Splunk server, but the internal IP! This is because if you enable the PDF Server for Linux to schedule PDF reports, you will not be able to generate PDFs with your external IP!
Cheers
Selim
System Administrator, Junior - Cloud Development
coresystems ag
Villa im Park | Dorfstrasse 69
5210 Windisch | Switzerland
Amazon now offers SMTP Server with their AWS SES service.
We got it working now.
Here is how you do it:
Go to Amazon and set up SMTP, including one user (see the Amazon docs).
In Splunk:
Mail host: (choose the one amazon tells you)
email-smtp.us-east-1.amazonaws.com:465
Security: Enable SSL
UserName: amazon crypto username
Pass: abc
Link hostname: the external IP of your Splunk server
Send emails as: the verified email address
That setup worked for us.
philippschneider's answer worked with a minor change - instead of enable SSL, I had to use Enable TLS.
Mail host: email-smtp.us-east-1.amazonaws.com (no port mentioned)
Enable TLS
Username: SESUSERNAME
Password: SESPASSWORD
send email as: verified email address
Thanks, the "No Port" comment prevented me from ripping out the little hair I have left 😉
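The two working setups above differ only in how TLS is negotiated: "Enable SSL" with port 465 is implicit TLS, while "Enable TLS" with no port is STARTTLS on the default SMTP port. The following is an added example, not part of the thread and not Splunk's code; it checks a Mail host / SSL / TLS combination against the ports Amazon documents for SES SMTP and can probe the endpoint with certificate verification without sending mail. The names `connection_plan` and `probe` are hypothetical, and the no-port defaults are those of Python's `smtplib`.

```python
import smtplib
import ssl

# SES SMTP ports per the Amazon SES documentation (assumption: not stated in the thread).
STARTTLS_PORTS = {25, 587, 2587}   # plain connect, then upgrade with STARTTLS
IMPLICIT_TLS_PORTS = {465, 2465}   # TLS handshake before any SMTP traffic

def connection_plan(mail_host, use_ssl, use_tls):
    """Translate Splunk's Mail host / Enable SSL / Enable TLS into a connection plan."""
    host, _, port = mail_host.partition(":")
    # With no port given, assume smtplib's defaults: 465 for SMTP_SSL, 25 for SMTP.
    port = int(port) if port else (465 if use_ssl else 25)
    problems = []
    if use_ssl and use_tls:
        problems.append("enable SSL or TLS, not both")
    elif use_ssl and port not in IMPLICIT_TLS_PORTS:
        problems.append(f"port {port} is not an SES implicit-TLS port; use Enable TLS")
    elif use_tls and port not in STARTTLS_PORTS:
        problems.append(f"port {port} is not an SES STARTTLS port; use Enable SSL")
    elif not use_ssl and not use_tls:
        problems.append("no encryption selected; do not send SES SMTP credentials")
    mode = "implicit-tls" if use_ssl else "starttls" if use_tls else "plaintext"
    return {"host": host, "port": port, "mode": mode, "problems": problems}

def probe(mail_host, use_ssl, use_tls, username=None, password=None, timeout=10):
    """Connect as planned, verify the certificate, optionally log in. Sends no mail."""
    plan = connection_plan(mail_host, use_ssl, use_tls)
    if plan["problems"]:
        raise ValueError("; ".join(plan["problems"]))
    ctx = ssl.create_default_context()  # verifies certificate chain and hostname
    if plan["mode"] == "implicit-tls":
        conn = smtplib.SMTP_SSL(plan["host"], plan["port"], timeout=timeout, context=ctx)
    else:
        conn = smtplib.SMTP(plan["host"], plan["port"], timeout=timeout)
    with conn:
        if plan["mode"] == "starttls":
            conn.starttls(context=ctx)  # credentials are only sent after this upgrade
        conn.ehlo()
        if username:
            conn.login(username, password)
        return conn.sock.version()      # negotiated protocol, e.g. "TLSv1.3"

if __name__ == "__main__":
    # The two configurations reported as working in the thread.
    for args in (("email-smtp.us-east-1.amazonaws.com:465", True, False),
                 ("email-smtp.us-east-1.amazonaws.com", False, True)):
        print(connection_plan(*args))
```

Running `probe(...)` from the Splunk host with the SES SMTP username and password confirms the TLS handshake and login before the alert settings are saved.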
I'd say "sure, it's possible -- if you're willing to write some code to do it". The default Splunk "send email" action uses plain old SMTP under the covers. You could modify $SPLUNK_HOME/etc/apps/search/bin/sendemail.py to use the Amazon SES API. These changes could get overlaid during an upgrade and would probably not be supported by Splunk support.
This really isn't in an area of publicly documented Splunk. You're changing what is basically an exposed implementation detail. If you don't know python, your job probably just got a little harder. The documentation for the sendemail command ( http://www.splunk.com/base/Documentation/latest/SearchReference/Sendemail ) might help you, as well as the documentation around alert_actions.conf ( http://www.splunk.com/base/Documentation/latest/Admin/Alertactionsconf ). There's also an article at Amazon ( http://aws.amazon.com/articles/2405502737055650 ) that provides an example of SES in python.
It'll be great if you can throw some light on this, as I am not familiar with Python scripts. Any documentation link for this?