Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Saved Searches not emailing out

jtwcarboy
New Member
‎06-02-2010 06:17 PM

I have saved searches and all of a sudden with no changes they are returning this error to the python.log file.

ERROR Error in 'sendemail': (128, 'Network is unreachable') while sending mail to: user@user.com

I checked manually and i can send an email from this server to myself just splunk isnt able to send emails and im not sure how to resolve this issue. I can telnet over 25 to my mailhost so this has to be something simple to do with splunk itself.

Any help is appreciated.

Tags (1)
0 Karma
Reply

jrodman
Splunk Employee
Splunk Employee
‎07-02-2010 04:31 PM

In splunk terminology, searches that are scheduled and send emails, are alerts. The email sender is saying it cannot access your mail server. The alert_actions config screen is where you say how for it to reach your mailserver.

0 Karma
Reply

jtwcarboy
New Member
‎06-09-2010 03:07 PM

There is no alert_actions.conf file as im not using alerts but im only running saved searches every morning but not alerts.

Also what is the usage for the sendemail.py command as when i run it it get this:

import: Unable to connect to X server ().
import: Unable to connect to X server ().
/opt/splunk/etc/searchscripts/sendemail.py[4]: from: not found
import: Unable to connect to X server ().
/opt/splunk/etc/searchscripts/sendemail.py[8]: importanceMap: not found
/opt/splunk/etc/searchscripts/sendemail.py[9]: highest:: not found

0 Karma
Reply

deletethisaccou
Explorer
‎06-04-2010 07:01 AM

Hi,

Have you done the right settings at this page? http://lxs-monet:8000/en-US/manager/unix/configs/conf-alert_actions/email/?action=edit

Make sure that you entered an VALID sender-email adress. With valid, I mean: [somename]@[somedomain].com Somename doesn't have to be a valid name (at my configuration) Mine email function did not work until I changed the sender-adress.. 😉

Reply

jrodman
Splunk Employee
Splunk Employee
‎07-02-2010 04:32 PM

If you never configured alert_actions, sendemail would try to connect to localhost, port 25, to send the email. It's possible something about your netwrorking configuration or environment has changed. It seems quite likely though that configuring the alert_actions as in the above url (but using your splunk server) will resolve the issue.

0 Karma
Reply

jtwcarboy
New Member
‎06-09-2010 03:08 PM

I cannot get to that website you posted and also in the saved search box i dont have a field for "From" or "Sender" But i must say that my saved searches have worked for 1yr then all of a sudden stopped with that error i put in the original post.

0 Karma
Reply

Lowell
Super Champion
‎06-02-2010 09:25 PM

What host is set in $SPLUNK_HOME/etc/system/local/alert_actions.conf in the [email] stanza. The host is set with hostname=<hostname>

0 Karma
Reply

Lowell
Super Champion
‎06-02-2010 09:23 PM

Have you tried running the sendemail command manually? I'm guessing that you are using the scheduled saved searched with email alerting? If you are running on a unix OS with a local MTA, then you may want to forward your email to localhost and let your local MTA handle there rest (this will give you a small buffer if you do experience a temporary network outage)

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...

Introducing the 2024 Splunk MVPs!

We are excited to announce the 2024 cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...

Splunk Custom Visualizations App End of Life

The Splunk Custom Visualizations apps End of Life for SimpleXML will reach end of support on Dec 21, 2024, ...