Reporting

Step by Step to receive email alerts on Splunk

royimad
Builder

How do I configure Splunk so I will be able to receive email alerts from other servers?
Is there any step-by-step procedure that I should follow? I have Splunk on a Linux machine and have never done that before.

Thanks,

1 Solution

royimad
Builder

I have used the IMAP App to receive email on Splunk and connect to the Exchange server.

0 Karma

jpass
Contributor

A while ago I did something similar, but not related to Splunk. The idea is the same, though.

A script is scheduled to run on the interval of your choice via cron. It retrieves e-mails and saves them out as a text file or whatever. I used Perl and the IMAP client Mutt. (http://www.mutt.org)

  1. Install a command-line email client (Mutt).
  2. Write a script (Perl, Python, Bash, etc.) that connects, retrieves messages and saves them out as a text file locally to a folder that Splunk has access to.
  3. In Splunk, create an input that watches that folder.

-j

0 Karma
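The fetch-and-archive step outlined above, as an added Python example (not code from this thread, from Mutt, or from the Splunk IMAP app): it pulls unread mail over IMAP and appends each message as one JSON line to a file that a Splunk file-monitor input can watch. The IMAP host, credentials and output path are placeholder assumptions, and the sample message is constructed.

```python
import email
import imaplib
import json
import ssl
from email.header import decode_header, make_header
from email.utils import parsedate_to_datetime

SAMPLE_MESSAGE = (  # constructed sample message, not real mail
    b"From: monitor@example.com\r\n"
    b"To: splunk-intake@example.com\r\n"
    b"Subject: ALERT: disk 92% on db01\r\n"
    b"Date: Tue, 26 Mar 2024 10:15:00 +0000\r\n"
    b"Message-ID: <constructed-001@example.com>\r\n"
    b"Content-Type: text/plain; charset=utf-8\r\n\r\n"
    b"Disk usage on db01 reached 92%.\r\n"
)

def _hdr(msg, name):
    # Decode RFC 2047 encoded-words so non-ASCII headers index cleanly.
    return str(make_header(decode_header(msg.get(name, ""))))

def message_to_event(raw: bytes) -> dict:
    """Flatten one RFC 822 message into a dict for a single JSON event.
    Only text/plain parts are kept, so HTML and attachments stay out of the index."""
    msg = email.message_from_bytes(raw)
    body = []
    for part in msg.walk():
        if part.get_content_type() == "text/plain" and not part.get_filename():
            payload = part.get_payload(decode=True) or b""
            body.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    try:
        ts = parsedate_to_datetime(msg["Date"]).isoformat()
    except (TypeError, ValueError):
        ts = None  # missing or malformed Date: let Splunk fall back to index time
    return {"time": ts, "from": _hdr(msg, "From"), "to": _hdr(msg, "To"),
            "subject": _hdr(msg, "Subject"), "message_id": msg.get("Message-ID"),
            "body": "\n".join(body).strip()}

def fetch_unseen(host: str, user: str, password: str, out_file: str) -> int:
    """Append each UNSEEN INBOX message to out_file as one JSON line; returns the count.
    host/user/password are placeholders; TLS on port 993 with certificate verification."""
    with imaplib.IMAP4_SSL(host, 993, ssl_context=ssl.create_default_context()) as conn:
        conn.login(user, password)
        conn.select("INBOX")
        status, data = conn.search(None, "UNSEEN")
        nums = data[0].split() if status == "OK" else []
        with open(out_file, "a", encoding="utf-8") as fh:
            for num in nums:
                status, parts = conn.fetch(num, "(RFC822)")  # FETCH also marks it \Seen
                if status == "OK":
                    fh.write(json.dumps(message_to_event(parts[0][1])) + "\n")
    return len(nums)
```

Run `fetch_unseen` from cron and point a Splunk monitor input at the output file; one JSON object per line lets each message become a single event.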

royimad
Builder

Still don't know how to receive email on Splunk?! Any idea or steps?

0 Karma

jpass
Contributor

If by 'another server' you mean a remote mail server, it's pretty easy.

  1. Go to 'admin' and click 'system settings'.
  2. Next click 'email alert settings'.
  3. Set the appropriate values for your email host, username, etc.
  4. Set the link host so URLs in the emails link back to the Splunk alert correctly, i.e. your Splunk server host name.
  5. Run a search and create an alert.
  6. In the alert settings, give it your email address.

You can also use the 'sendemail' command which you would append to the end of your saved search along with the server settings. This method is not so much an 'alert' though and you don't have access to the alert settings as far as I know.

Example:

sourcetype=blah "keyword" | sendemail to="youremail@..." server="192.168.." etc. etc.

jpass
Contributor

Ahh, my bad. I read too quickly.

0 Karma

royimad
Builder

This is how you send email from Splunk and alert; what I need is receiving email on Splunk and indexing the data received.

0 Karma

saurabh_tek
Communicator

For this purpose we have the IMAP app.

0 Karma