The alert triggers and Splunk tries to send the alert email, but something is wrong.
In the internal log, I find this one error:
03-02-2016 19:22:04.376 +0800 ERROR ScriptRunner - stderr from '/data/splunk/bin/python /data/splunk/etc/apps/search/bin/sendemail.py "results_link=http://linuxscan:8000/app/asset_discovery/@go?sid=scheduler__admin_YXNzZXRfZGlzY292ZXJ5__RMD51f09c7f374d6ba97_at_1456917720_400" "ssname=危险端口开启告警" "graceful=True" "trigger_time=1456917721" results_file="/data/splunk/var/run/splunk/dispatch/scheduler__admin_YXNzZXRfZGlzY292ZXJ5__RMD51f09c7f374d6ba97_at_1456917720_400/results.csv.gz"': ERROR:root:'NoneType' object has no attribute 'find' while sending mail to: test@test.com
Server information:
6.3.0
Splunk internal version
aa7d4b1ccb80
Installed app:
Asset Discovery
version
6.0
internal version
10
I believe there is a minor bug here. In the Email settings page "Send mail as" field is optional, however on sendemail.py file, this field is required. It is being used without any null/none check on line 96.
When i enter a valid sender address i get no error, if i dont enter i get "'NoneType' object has no attribute 'find' while sending mail to: ...." error.
sendemail.py code;
# make sure the sender is a valid email address
if sender.find("@") == -1:
sender = sender + '@' + socket.gethostname()
if sender.endswith("@"):
sender = sender + 'localhost'*
I face this issue in;
Splunk Version Splunk Light Version 6.4.1
Splunk Build debde650d26e
Hi perlish, it will be difficult to pinpoint the issue with just the above info. What do you see in the python.log?
$SPLUNK_HOME/var/log/splunk/python.log
Is any email going out of your splunk server (for other alerts)?
Hi, Yasaswy .thanks for you answer my question ~.
any email going out of your splunk server (for other alerts)?
not anyone email success to send . and i'm sure the sender account&password is right
python.log with two error line :
2016-03-03 10:39:04,434 +0800 ERROR sendemail:114 - Sending email. subject="Splunk Alert: 危险端口开启告警 high port scan", results_link="http://linuxscan:8000/app/asset_discovery/@go?sid=scheduler__admin_YXNzZXRfZGlzY292ZXJ5__RMD51f09c7f374d6ba97_at_1456972740_1332", recipients="[u'test@test.com']", server="smtp.exmail.test.com:465"
2016-03-03 10:39:04,434 +0800 ERROR sendemail:377 - 'NoneType' object has no attribute 'find' while sending mail to: test@test.com