Solved: Backgrounded jobs don't send email alerts out when...

davidpaper · ‎06-13-2013

For a long backgrounded job, it would be really useful to be able to get an alert sent out when it is done. Doesn't appear that my Splunk instances does this.

Emails for scheduled searches that generate alerts work just fine, so I know the email server path is fully functional.

If it makes a difference, all of our user auth is done via LDAP.

Any suggestions on ways to get this to work?

jtrucks · ‎06-13-2013

This works for non-LDAP instances by simply entering the email address in the user's Splunk local account profile. This automagically works in those cases.

As for LDAP, perhaps if the correct field name is proffered to Splunk from LDAP it would correctly populate the email address field.

--
Jesse Trucks
Minister of Magic

View solution in original post

jtrucks · ‎06-13-2013

This works for non-LDAP instances by simply entering the email address in the user's Splunk local account profile. This automagically works in those cases.

As for LDAP, perhaps if the correct field name is proffered to Splunk from LDAP it would correctly populate the email address field.

--
Jesse Trucks
Minister of Magic

antlefebvre · ‎07-11-2013

I have an open case with Splunk on this. No way to currently import email via LDAP. No ETA on fix.

jtrucks · ‎07-11-2013

I'm told that LDAP configurations often don't provide splunk with the right named field for email propogation, which is the likely cause of your issue.

--
Jesse Trucks
Minister of Magic

Backgrounded jobs don't send email alerts out when completed.

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases