Alerting

Alert not sending email

terryloar
Path Finder
  • I copied alert_actions.conf [email] stanza from .../default to .../local directory as alert_actions.conf

  • I set up an alert to fire on the hour + 30. It does this successfully, however the email does not get sent.

  • When I created the alert the mailserver = was successfully changed in the alert_actions.conf

  • To make sure that the email could be sent, I successfully did a telnet 25 and sent an email from splunk@ to the recipient.

  • I noticed that after the alert fires, this entry changed in the alert_actions.conf file, even though I opted for no authentication:
    auth_password =
    auth_password = $1$0A==

  • python.log entry:

2014-03-27 11:30:03,019 Central Daylight Time ERROR sendemail:357 - Sending email. subject="Splunk Alert: Load Avg > 2",

results_link="http://WKGSSSPLKAPCP01:8000/app/capacity/@go?sid=scheduler__admin__capacity__RMD5264977cbcc6fb61e_at...",
(this worked from a browser)

recipients="['my valid email address']"

Tags (2)
0 Karma

terryloar
Path Finder

Solved. The problem was in the documentation stating that the sender could be just 'splunk' and the system would add the domain. Not so, and there are two places where you have to define the sender and it needs to be a full splunk@

Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...