For a long backgrounded job, it would be really useful to be able to get an alert sent out when it is done. Doesn't appear that my Splunk instances does this.
Emails for scheduled searches that generate alerts work just fine, so I know the email server path is fully functional.
If it makes a difference, all of our user auth is done via LDAP.
Any suggestions on ways to get this to work?
This works for non-LDAP instances by simply entering the email address in the user's Splunk local account profile. This automagically works in those cases.
As for LDAP, perhaps if the correct field name is proffered to Splunk from LDAP it would correctly populate the email address field.
This works for non-LDAP instances by simply entering the email address in the user's Splunk local account profile. This automagically works in those cases.
As for LDAP, perhaps if the correct field name is proffered to Splunk from LDAP it would correctly populate the email address field.
I have an open case with Splunk on this. No way to currently import email via LDAP. No ETA on fix.
I'm told that LDAP configurations often don't provide splunk with the right named field for email propogation, which is the likely cause of your issue.