Refine your search:

How to send Splunk email alerts through AWS SES

1

Hi,

I am working on ubuntu servers on AWS and wants to use SES functionality of AWS to send splunk email alerts, is this possible?

asked 03 Jul '11, 23:41

jobycxa's gravatar image

jobycxa
21112
accept rate: 0%

3 Answers:
oldestnewestmost voted
1

I'd say "sure, it's possible -- if you're willing to write some code to do it". The default Splunk "send email" action uses plain old SMTP under the covers. You could modify $SPLUNK_HOME/etc/apps/search/bin/sendemail.py to use the Amazon SES API. These changes could get overlaid during an upgrade and would probably not be supported by Splunk support.

link

answered 04 Jul '11, 14:20

dwaddle's gravatar image

dwaddle ♦
15.5k2924
accept rate: 33%

It'll be great if you can throw some light on this as i am not familiar with python scripts.Any documentation link for this?

(04 Jul '11, 21:47) jobycxa

This really isn't in an area of publicly documented Splunk. You're changing what is basically an exposed implementation detail. If you don't know python, your job probably just got a little harder. The documentation for the sendemail command ( http://www.splunk.com/base/Documentation/latest/SearchReference/Sendemail ) might help you, as well as the documentation around alert_actions.conf ( http://www.splunk.com/base/Documentation/latest/Admin/Alertactionsconf ). There's also an article at Amazon ( http://aws.amazon.com/articles/2405502737055650 ) that provides an example of SES in python.

(05 Jul '11, 14:45) dwaddle ♦
1

Amazon now offers SMTP Server with their AWS SES service. We got it working now. Here is how you do it: go to amazon and set the SMTP incl. one user up. (see Amazon doc)

In Splunk: Mail host: (choose the one amazon tells you) email-smtp.us-east-1.amazonaws.com:465 Security: Enable SSL UserName: amazon crypto username Pass: abc Link hostname: your external IP of the splunkserver send emails as: the verfied Email adress

That setup worked for us

link

answered 17 Feb '12, 00:20

philipp.schneider's gravatar image

philipp.schn...
211
accept rate: 0%

philippschneider's answer worked with a minor change - instead of enable SSL, I had to use Enable TLS.

Mail host: email-smtp.us-east-1.amazonaws.com (no port mentioned) Enable TLS Username: SESUSERNAME Password: SESPASSWORD send email as: verified email address

(10 Oct '12, 07:26) mchandramouli
0

Update to the answer of Philipp Schneider:

The Link hostname is NOT your external IP of the splunkserver, but the internal IP! Because if you're enable the PDF Server for Linux to schedule PDF reports, you will not be able to generate PDF's with your external IP!

Cheers

Selim

System Administrator, Junior - Cloud Development

coresystems ag

Villa im Park | Dorfstrasse 69

5210 Windisch | Switzerland

link

answered 09 Mar '12, 05:27

Selim.Imoberdorf's gravatar image

Selim.Imober...
211
accept rate: 0%

Post your answer
toggle preview

Follow this question

Log In to enable email subscriptions

RSS:

Answers

Answers + Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "Title")
  • image?![alt text](/path/img.jpg "Title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

learn more about Markdown

Tags:

×176

Asked: 03 Jul '11, 23:41

Seen: 1,262 times

Last updated: 10 Oct '12, 07:26

Related questions

How can I get Splunk on OS X to send email alerts?

Splunk Alerts error (Initial access check failure) while sending mail

Splunk Email

Can we send Email alert to my personal mail

How splunk use the SMTP server to send email notification

Kickoff Saved Search Email through api

Problem with sending email

splunk email alerts failing on send

Convert all email alerts to send _time in standard time format rather than epoch

Copyright © 2005-2012 Splunk Inc. All rights reserved.