Welcome to my first blog entry. Hopefully, this will be a productive experience for all of us.
For my first topic, I’ve decided to talk about customizing Email Alerts in Splunk. Currently, in the 3.x version of Splunk, you can easily specify an alert to send an email, which can even include the search results. Some people have asked me about customization such as controlling the From address, the Subject, and the mail host used to send the email alert. One quick way to do this is to use a Scripted Alert: the alert script reads environment variables that are already set up for the To, From, Subject, and Host of the email, and can then use your favorite email application to send the mail.
I’ve elected to use JavaMail for this exercise, and you can download the whole distribution, including the required libraries, from splunkbase.com. I’ve also added an environment variable to the script that decides on which days mail is allowed to be sent: Daily, Weekday, or Weekend. You can take this one step further by adding Time Start and Time End variables and updating the included Java code so the application knows which hours to suppress sending mail. Currently, the script is stateless: it does not remember anything between executions. You could add state by writing to a file each time mail is sent and using that entry to decide whether to send mail the next time the script is activated.
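To make the suppression rules concrete, here is an added example of the same framework written as a Python scripted alert; it is not the JavaMail script from this post or from splunkbase. It combines the day-of-week policy described above with the suggested Time Start / Time End window and a simple state file, so that a noisy search cannot flood a mailbox. All environment variable names (MAIL_TO, MAIL_FROM, MAIL_SUBJECT, MAIL_HOST, SEND_DAYS, TIME_START, TIME_END, MIN_INTERVAL_SEC, STATE_FILE), the default values, and the state-file location are assumptions for this example, not names Splunk sets.

```python
import os
import sys
import json
import smtplib
from datetime import datetime, time
from email.message import EmailMessage

# Assumed variable names and defaults for this example; the original script's
# names are not shown on the page, and Splunk does not set these itself.
DEFAULTS = {
    "MAIL_TO": "alerts@example.invalid",
    "MAIL_FROM": "splunk@example.invalid",
    "MAIL_SUBJECT": "Splunk alert",
    "MAIL_HOST": "localhost",
    "SEND_DAYS": "Daily",          # Daily | Weekday | Weekend
    "TIME_START": "00:00",         # inclusive start of the allowed window (HH:MM)
    "TIME_END": "23:59",           # inclusive end of the allowed window (HH:MM)
    "MIN_INTERVAL_SEC": "0",       # 0 disables stateful suppression
    "STATE_FILE": "/tmp/splunk_mail_alert.state",  # assumed location
}


def config(env=os.environ):
    """Merge the process environment over the defaults."""
    return {k: env.get(k, v) for k, v in DEFAULTS.items()}


def day_allowed(policy, now):
    """Apply the Daily / Weekday / Weekend policy (Monday=0 ... Sunday=6)."""
    wd = now.weekday()
    policy = policy.lower()
    if policy == "daily":
        return True
    if policy == "weekday":
        return wd < 5
    if policy == "weekend":
        return wd >= 5
    raise ValueError("unknown SEND_DAYS policy: %r" % policy)


def parse_hhmm(s):
    h, m = s.split(":")
    return time(int(h), int(m))


def time_allowed(start, end, now):
    """Allow sending only inside [start, end]; a window that wraps midnight
    (e.g. 22:00-06:00) is handled as well."""
    t = now.time()
    if start <= end:
        return start <= t <= end
    return t >= start or t <= end


def interval_allowed(last_sent_ts, now, min_interval_sec):
    """Stateful rule: suppress if the previous mail went out too recently."""
    if min_interval_sec <= 0 or last_sent_ts is None:
        return True
    return (now.timestamp() - last_sent_ts) >= min_interval_sec


def read_state(path):
    """Return the last-sent timestamp, or None if there is no usable state."""
    try:
        with open(path) as f:
            return json.load(f).get("last_sent")
    except (OSError, ValueError):
        return None


def write_state(path, now):
    with open(path, "w") as f:
        json.dump({"last_sent": now.timestamp()}, f)


def should_send(cfg, now, last_sent_ts):
    """Combine all three rules; every rule must allow the send."""
    return (day_allowed(cfg["SEND_DAYS"], now)
            and time_allowed(parse_hhmm(cfg["TIME_START"]),
                             parse_hhmm(cfg["TIME_END"]), now)
            and interval_allowed(last_sent_ts, now, int(cfg["MIN_INTERVAL_SEC"])))


def build_message(cfg, body):
    msg = EmailMessage()
    msg["To"] = cfg["MAIL_TO"]
    msg["From"] = cfg["MAIL_FROM"]
    msg["Subject"] = cfg["MAIL_SUBJECT"]
    msg.set_content(body)
    return msg


def main(argv):
    cfg = config()
    now = datetime.now()
    if not should_send(cfg, now, read_state(cfg["STATE_FILE"])):
        return 0  # suppressed: nothing sent, state file left untouched
    body = "Splunk alert fired with arguments: %s\n" % " ".join(argv[1:])
    with smtplib.SMTP(cfg["MAIL_HOST"]) as smtp:
        smtp.send_message(build_message(cfg, body))
    write_state(cfg["STATE_FILE"], now)
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

The decision logic is kept in pure functions that take the current time as a parameter, so the day, time-window and interval rules can be checked without a mail host; only `main` touches SMTP and the state file. The state file records just the last send time, which is enough to rate-limit a search that matches on every run.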
Use your own rules for this framework and I hope you find it useful.