- Splunk Answers
- :
- Using Splunk
- :
- Alerting
- :
- LDAP authenticated users do not pick up mail attri...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Splunk 4.1. I configured LDAP authentication, pointing to our AD domain controller. The users get mapped to roles successfully, but I examine the user's attributes under Manager>>Access controls>>Users>>juser, Email address is blank (and uneditable). The user is also unable to edit their own email preferences.
How can I enable emailed alerts/reports for these users?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Scheduled alerts are configurable by the Splunk user. The alerts can be configured to send email to any email address and Splunk does not assume that the configured alert is sent to the user who created the alert.
Currently Splunk does not provide the built-in capability to map the email attribute. If you have a use-case for this, feel free to file an Enhancement Request.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
In 4.3 there appears to be a default option to email a link to the results of backgrounded searches when they complete. Presently on our system, only admin can take advantage of this capability because normal users are all in LDAP, with no way to populate their email field. So by opting to use LDAP authentication, we're missing out on some nice functionality in the core product.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yes this is definitely a very nice feature to have for any user who is backgrounding searches.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Scheduled alerts are configurable by the Splunk user. The alerts can be configured to send email to any email address and Splunk does not assume that the configured alert is sent to the user who created the alert.
Currently Splunk does not provide the built-in capability to map the email attribute. If you have a use-case for this, feel free to file an Enhancement Request.
Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer at Splunk .conf24 ...
Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...
Combine Multiline Logs into a Single Event with SOCK: a Step-by-Step Guide for ...
