- Splunk Answers
- :
- Using Splunk
- :
- Alerting
- :
- Unable to trigger alert from splunk - Name or serv...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Unable to trigger alert from splunk - Name or service not known while sending mail
I cannot able to trigger alerts from splunk.
Splunk Version : 6.1
Below is the error message that i can see in :
source="/opt/splunk/var/log/splunk/python.log"
Eg email : myemailid@domain.net
alert_actions.conf
[email]
mailserver = smtp.domain.net
reportServerEnabled = 0
reportServerURL =
from = Splunk
commands.conf
[sendemail]
filename = sendemail.py
streaming = false
run_in_preview = false
passauth = true
required_fields =
changes_colorder = false
supports_rawargs = true
ERROR Logs:
2014-06-20 09:20:02,244 +0000 ERROR sendemail:348 - [Errno -2] Name or service not known while sending mail to: myemailid@domain.net
2014-06-20 09:20:02,243 +0000 ERROR sendemail:112 - Sending email. subject="Splunk Alert: Top five sourcetypes", results_link="htt://splunkservername:8000/app/search/@go?sid=scheduler__nobody__search__RMD5d5bc9be9473d1026_at_1403256000_14627", recipients="[u'myemailid@domain.net]"
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
could somebody fix this issue?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have similar issues can some one tell me what was the fix for this
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi splunker12er,
looking at the sendemail.py script, your saved search fails during the try: to send the email. Actually at the moment, when the smtp auth user is checked.
- Did you double check all the settings related to sending emails?
- Increase the
EmailSendersystem logging channel - What happens if you use the working search as saved search, does this send the
email? Meaning, take the
|sendemail to="myemailid@domain.net" smtp="smtp.domain.net" sendresults=true format=htmlsearch and run it as saved search.
cheers, MuS
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
error Log:
ERROR sendemail:348 - please run connect() first while sending mail to: myemailid@domain.net
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I removed the smtp server name from the "Email Settings" page in Splunk Web.
(Point 3) When i save my search appended with the | sendemail command it works great.
But, when i use only my search query it doesnt send email.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
When I use my query appended with ,
|sendemail to="myemailid@domain.net" smtp="smtp.domain.net" sendresults=true format=html
But why doesn't work with saved searches , i am confused
Introducing the 2024 SplunkTrust!
Introducing the 2024 Splunk MVPs!
Splunk Custom Visualizations App End of Life
