Email Notification Targets
You can send Notifications by email, using an SMTP server of your choice. Once you have configured the email Notification target, you can specify the recipients and customize the subject line and message content. See Email Notifications for details on configuring an email Notification.
To add an email Notification target in Search, do one of the following:
- Open a saved or scheduled search and select Notifications in the UI sidebar. Toggle Send notifications on, if necessary, then configure the target.
- At the top level, select Settings, then Search, then** Notification Targets, then Add Target.
If you have an Enterprise plan, you can use the preconfigured default Email Notification target.
General Settings
Target ID: Enter a unique name to identify this email Notification target.
Configuration
Address: Identify the SMTP server by its hostname or IP address.
Port: Set the SMTP port.
- Use port
587for SMTP Secure (SMTPS). You can also use port25. - Use
465when SSL/TLS is enabled. - You can also use port
2525if your email service provider supports this port as a backup when other ports are blocked by a network provider or a firewall.
From: Identify the email address of the sender.
Encryption type: Specify the encryption type used to secure SMTP communication. Options include:
- STARTTLS: Select this option to start the connection as plaintext, then upgrade it to a TLS-encrypted one if the server supports it. If the server doesn’t support it, the connection remains plaintext.
STARTTLS upgrades the connection to be encrypted but does not authenticate the server. Take additional steps to prevent man-in-the-middle attacks.
- Require STARTTLS: Select this option to require TLS. If the server doesn’t support a secure connection, the connection will be dropped.
- TLS (SMTPS): Select this option to use an encrypted connection from the start without requiring a subsequent connection upgrade.
- None: Select this option to use a plaintext connection.
Minimum TLS version: Optionally, select the minimum TLS version to use when connecting.
Maximum TLS version: Optionally, select the maximum TLS version to use when connecting.
Validate server certs: Toggle on to reject certificates that are not authorized by a CA in the CA certificate path or by another trusted CA (such as the system’s CA).
Authentication
Username: The authentication principal (if required).
Password: The authentication credential (if required).
Testing Email Notification Targets
See Test the Email Notification Target.
Default Email Notification Target for Enterprise Organizations
A default email Notification target is available for Cribl Stream, Cribl Edge, and Cribl Search Organizations on an Enterprise plan. You can use this target to route any email Notification to any valid email address.
This target appears in the Notifications > Target modal as
system_email. You cannot modify or remove this target.
The system_email Notification target is managed by Cribl. It will be disabled
in the unlikely event of abuse. If this target is disabled for a Workspace, a
log entry will appear in the Notifications Service logs. Select Monitoring >
Logs > Notifications Service to view this log.
Sending Domain for Email Notifications
Every Workspace and Organization has a unique address for its email
Notification target. Messages sent using this target will have a sender’s
address in the form
do-not-reply@<workspaceName>-<organizationId>.criblcloud.email. To ensure
delivery, recipients should add the criblcloud.email domain to their email
allowlists.