Solved: Unable to send scheduled search results by email

anthonycopus · ‎02-18-2014

Hi,

I'm currently trying to schedule a search which sends the results by pdf to a few emails.
However, in the splunk ui the settings appear correct but won't send.

I have alert condition set to 'always'
Send email is ticket to 'enabled'
Include results in email as pdf is selected
Valid email addresses and email subject are entered.

But this appears to all be ignored. The savedsearch is valid and I'm sure email settings are correct as I can add instruction to inline queries to send results to email. It's simply these alert settings that inexplicably (to me) won't work.

Any ideas?

Also, I would like the graph to have stacked results rather than side by side (as it's a timechart span=1d count by variable). Is this possible easily?

Thanks
Anthony

anthonycopus · ‎02-25-2014

After speaking with Splunk support, it turns out the issue was the alert_actions.conf file in the local folder.

This was not needed after upgrading to splunk 6.0.1 (previously splunk 4.0). Removing this file from the directory permitted alerts to go ahead as per normal.

View solution in original post

anthonycopus · ‎02-25-2014

After speaking with Splunk support, it turns out the issue was the alert_actions.conf file in the local folder.

This was not needed after upgrading to splunk 6.0.1 (previously splunk 4.0). Removing this file from the directory permitted alerts to go ahead as per normal.

Unable to send scheduled search results by email

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!

Splunk Custom Visualizations App End of Life