product
service
- Simple Security Consulting [Consulting]
- Splunk SOAR Automation Assessment Service [Consulting]
- Dashboard/SPL Creation Pack [Implementation/Building Support]
- Version upgrade service [implementation and construction support]
- Splunk Premium Apps construction support service [implementation and construction support]
- Splunk Security Log Analysis Start Package [Original App/Service]
- Splunk × CrowdStrike Falcon Insight, Macnica Original App [Original App/Service]
- Government uniform standard compatible App [Original App/Service]
- Smart Security Monitoring App [Original App/Service]
- Splunk × LANSCOPE Original App [Original App/Service]
- Security Monitoring App for Box [Original App/Service]
- Cloud Security Monitoring App [Original App/Service]
- SIEM Operation Monitoring Service [Original App/Service]
- List of services
- Macnica Premium Support for Splunk (utilization support, version upgrade monitoring)
- Macnica Premium Support for Splunk Skill Up Package
Specifications/Technical Information
Application for evaluation machine
- FAQ
How to change From of alert mail
- release date
- 2015-11-10
- last updated
- 2023-05-19
- version
- Splunk Enterprise 9.0.4
- Overview
- This article describes how to change the sender (From) of the email sent by an alert action.
- Reference information
- content
-
If you want to change the sender (From) of the email sent by the alert action, you can change it by the following method. (There are 2 ways)
When changing the sender (From) common to all alert mails
Change the value of "Send emails as" in Email Format in Settings > Server Settings > Email Settings.
When changing the email sender (From) for each individual alert
Set the following in savedsearches.conf of the server that performs the search.
<path to save savedsearches.conf>
- If the permission is "Private"
Linux: $SPLUNK_HOME/etc/users/<owner>/<app name>/local/savedsearches.conf
Windows: $SPLUNK_HOME\etc\users\<Owner>\<App name>\local\savedsearches.conf
Example) $SPLUNK_HOME/etc/users/admin/search/local/savedsearches.conf - If the permission is "App"
Linux: $SPLUNK_HOME/etc/apps/<app name>/local/savedsearches.conf
Windows: $SPLUNK_HOME\etc\apps\<app name>\local\savedsearches.conf
Example) $SPLUNK_HOME/etc/apps/search/local/savedsearches.conf
<Setting details>
[alert name] action.email.from =< address for from >
例)アラート名がtest_alert、from用アドレスがsplunk@macnica.co.jp の場合
[test_alert]
action.email.from=splunk@macnica.co.jp*After changing the settings, restart the splunk service.
that's all
- If the permission is "Private"
In charge of Macnica Splunk Co., Ltd.
- TEL:045-476-2010
- E-mail:splunk-sales@macnica.co.jp
Mon-Fri 8:45-17:30
