How to change the From address of alert emails

Release date: 2015-11-10
Last updated: 2023-05-19
Version: Splunk Enterprise 9.0.4

Overview
This article describes how to change the sender (From) of the email sent by an alert action.

Content
There are two ways to change the sender (From) of the email sent by an alert action.

When changing the sender (From) common to all alert emails
Change the value of "Send emails as" under Email Format in Settings > Server Settings > Email Settings.

When changing the email sender (From) for each individual alert
Set the following in savedsearches.conf on the server that performs the search.

<Path where savedsearches.conf is saved>
- If the permission is "Private"
  Linux: $SPLUNK_HOME/etc/users/<owner>/<app name>/local/savedsearches.conf
  Windows: $SPLUNK_HOME\etc\users\<owner>\<app name>\local\savedsearches.conf
  Example) $SPLUNK_HOME/etc/users/admin/search/local/savedsearches.conf
- If the permission is "App"
  Linux: $SPLUNK_HOME/etc/apps/<app name>/local/savedsearches.conf
  Windows: $SPLUNK_HOME\etc\apps\<app name>\local\savedsearches.conf
  Example) $SPLUNK_HOME/etc/apps/search/local/savedsearches.conf

* $SPLUNK_HOME is the installation directory. By default, it is as follows:
  Linux:
    Splunk Enterprise: /opt/splunk
    Universal Forwarder: /opt/splunkforwarder
  Windows:
    Splunk Enterprise: C:\Program Files\Splunk
    Universal Forwarder: C:\Program Files\SplunkUniversalForwarder

<Settings>
[alert name]
action.email.from = <address for From>

Example) When the alert name is test_alert and the From address is splunk@macnica.co.jp
[test_alert]
action.email.from=splunk@macnica.co.jp

* After changing the settings, restart the Splunk service.
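
An added example, not part of the original article and not Splunk's own tooling: a read-only Python script that lists which alerts override the sender through action.email.from in the "Private" and "App" savedsearches.conf locations described above, so per-alert From addresses can be reviewed against what the mail system accepts. The minimal stanza parser, the function names and the sample text are assumptions made for illustration.

```python
import os
from pathlib import Path

KEY = "action.email.from"
# Constructed sample, used only when no Splunk installation is found.
SAMPLE = "[test_alert]\nsearch = index=main error \\\n  | stats count\naction.email.from = splunk@macnica.co.jp\n"

def parse_from_overrides(text):
    """Return {stanza name: From address} for stanzas that set action.email.from."""
    overrides, stanza, continued = {}, None, False
    for raw in text.splitlines():
        line = raw.strip()
        if continued:  # still inside a value continued with a trailing backslash
            continued = line.endswith("\\")
            continue
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            stanza = line[1:-1]
            continue
        continued = line.endswith("\\")
        name, sep, value = line.partition("=")
        if sep and stanza and name.strip() == KEY:
            overrides[stanza] = value.strip()
    return overrides

def find_overrides(splunk_home):
    """Scan the Private (etc/users) and App (etc/apps) locations from the article."""
    home = Path(splunk_home)
    patterns = ["etc/users/*/*/local/savedsearches.conf",
                "etc/apps/*/local/savedsearches.conf"]
    results = []
    for pattern in patterns:
        for conf in sorted(home.glob(pattern)):
            text = conf.read_text(encoding="utf-8", errors="replace")
            for alert, sender in sorted(parse_from_overrides(text).items()):
                results.append((conf.relative_to(home).as_posix(), alert, sender))
    return results

if __name__ == "__main__":
    home = os.environ.get("SPLUNK_HOME", "/opt/splunk")
    if Path(home, "etc").is_dir():
        for path, alert, sender in find_overrides(home):
            print(f"{path}\t[{alert}]\t{sender}")
    else:
        print(parse_from_overrides(SAMPLE))
```

Alerts that do not appear in the output use the common "Send emails as" value from Email Settings.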
In charge of Macnica Splunk Co., Ltd.
- TEL:045-476-2010
- E-mail:splunk-sales@macnica.co.jp
Weekdays: 9:00-17:00