How to Configure Email Alerting using Gmail SMTP in SPLUNK
Step1: Configure Email Settings In SPLUNK
Configuring SPLUNK to connect to the Gmail servers is very simple.
In Splunk, navigate to: “Settings > Server Settings > Email settings”
1) There you have to configure “Mail Server Settings”.
Example:
Mail host = smtp.gmail.com:587
Email security = Enable TLS
Username = SplunkGeek@gmail.com (YOUR_GMAIL_ADDRESS)
Password = ******** (YOUR_GMAIL_PASSWORD)
Confirm Password = ********
2) Now configure the “Email Format”.
3) Now click Save.
Step2: Gmail account settings
1) First, sign in to your Gmail account with your credentials.
2) Then allow the less secure apps option for your account.
Go to https://myaccount.google.com/lesssecureapps to allow less secure apps. Your Gmail account is now fully configured to receive email alerts from the SPLUNK server.
Step3: Create an alert.
To create an alert, first write a query and save it as an alert.
Step4: Configure the alert.
- Give the alert a name and description. Here we configure the alert to be generated every two minutes. The query returns the data of the last 24 hours as its result.
- Now set the “Trigger Conditions” as per your requirement.
Here we have set the “Trigger Conditions” to Number of Results is greater than 0. Also set the Trigger to Once.
- Set the “Trigger Actions”.
Click on “Add Actions” and select the “send email” option.
- Now configure “send email”.
Here you enter your Gmail address and can also set the Priority. You can include multiple options as per your requirement. Then click Save.
Now whenever the condition matches, an alert is generated and the results are forwarded to your Gmail account.
Step5: Check the gmail account.
You can check your Gmail account. There you will find the SPLUNK alert and can also see the results.
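The same settings from Steps 1 to 4 can also be written in Splunk's configuration files, which makes them easy to review and keep under version control. This is an added example, not part of the original post; the file locations, the alert stanza name, the description and the search string are placeholders or assumptions to replace with your own.

```ini
# Constructed example: replace the UPPER_CASE and <...> placeholders.
# Splunk .conf files do not support trailing comments, so every
# comment sits on its own line.

# --- $SPLUNK_HOME/etc/system/local/alert_actions.conf (assumed location) ---
# Equivalent of "Settings > Server Settings > Email settings" (Step 1).
[email]
mailserver = smtp.gmail.com:587
# "Enable TLS" in the UI: STARTTLS on port 587, not implicit SSL.
use_tls = 1
use_ssl = 0
auth_username = YOUR_GMAIL_ADDRESS
auth_password = YOUR_GMAIL_PASSWORD

# --- $SPLUNK_HOME/etc/apps/search/local/savedsearches.conf (assumed location) ---
# Equivalent of the alert created and configured in Steps 3 and 4.
[<YOUR_ALERT_NAME>]
description = <YOUR_ALERT_DESCRIPTION>
search = <YOUR_SEARCH_QUERY>
# Run every two minutes over the last 24 hours of data.
enableSched = 1
cron_schedule = */2 * * * *
dispatch.earliest_time = -24h
dispatch.latest_time = now
# Trigger condition: Number of Results is greater than 0.
counttype = number of events
relation = greater than
quantity = 0
# Trigger "Once": one alert per search run rather than one per result.
alert.digest_mode = 1
# Trigger action: send email with the results included inline.
action.email = 1
action.email.to = YOUR_GMAIL_ADDRESS
# 3 is the normal priority; 1 is highest and 5 is lowest.
action.email.priority = 3
action.email.sendresults = 1
action.email.inline = 1
```

Restart Splunk after editing these files; a clear-text `auth_password` set this way is encrypted by Splunk on that restart, so keep the file readable only by the Splunk service account until then.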
Hope this has helped you achieve the requirement below without fail:
How to Configure Email Alerting using Gmail SMTP in SPLUNK
Happy Splunking !!
Easy to Implement..Easy to Follow… Thanks Abhay
Thanks Suresh !! We try to write the best content in layman language so that beginners can also understand !!
Excellent….
[…] mind is Email Alert Option. If you don’t how to setup email alerting in Splunk please click here. But we have come up with a new and interesting custom alert action. Do you know about Slack ?. […]
Hi,
I would like to know how we can index email attachment contents into Splunk?
For example: if I send a mail to you with an attachment, I would like to get the contents of the attachment indexed into Splunk.
Thanks&Regards,
Kiran