After migrating Splunk 6.3.2 from Red Hat 5 to Red Hat 6, why am I getting "connection refused" errors trying to send an email?

ezajac
Path Finder

I am setting up Splunk 6.3.2 to run on a new Red Hat 6 server and migrated from a Red Hat 5 server. I installed Splunk using the 6.3.2 rpm and Splunk works fine. I tar'd the contents of /etc on the old RH5 server and untar'd them on the new RH6 server. I have done this in the past with no issues (RH5 to RH5). Email is the only thing not working, and in the ~splunk_home/var/log/python.log I see a bunch of Connection Errors when trying to send email. What did I do wrong here when converting?

16-02-25 09:09:13,810 -0500 ERROR     sendemail:378 - [Errno 111] Connection refused while sending mail to: userid@domain.com
2016-02-25 09:10:46,042 -0500 INFO      sendemail:985 - sendemail pdfService = pdfgen
2016-02-25 09:10:46,043 -0500 INFO      sendemail:1117 - sendemail:mail effectiveTime=1456409400
2016-02-25 09:10:47,330 -0500 INFO      sendemail:1137 - Generated PDF for email
2016-02-25 09:10:47,407 -0500 ERROR     sendemail:115 - Sending email. subject="Splunk Alert: Distributed_Alert_MI_(Disk Percent Free)", results_link="http://tlpsplu1:8000/app/search/@go?sid=scheduler__userid__search__RMD5ac90a8a41fbc3d92_at_1456409400_33993", recipients="[u'userid@domain.com']", server="tlpsplu1.domain.net"
2016-02-25 09:10:47,407 -0500 ERROR     sendemail:378 - [Errno 111] Connection refused while sending mail to: userid@domain.com
2016-02-25 09:11:15,807 -0500 INFO      sendemail:985 - sendemail pdfService = pdfgen
2016-02-25 09:11:15,808 -0500 INFO      sendemail:1117 - sendemail:mail effectiveTime=1456409460
2016-02-25 09:11:17,099 -0500 INFO      sendemail:1137 - Generated PDF for email
2016-02-25 09:11:17,214 -0500 ERROR     sendemail:115 - Sending email. subject="Splunk Alert: Distributed_Alert_MI_(Disk Percent Free)", results_link="http://tlpsplu1:8000/app/search/@go?sid=scheduler__userid__search__RMD5ac90a8a41fbc3d92_at_1456409460_34020", recipients="[u'userid@domain.com']", server="tlpsplu1.domain.net"
0 Karma

hemendralodhi
Contributor

As stated above, you need to check the connectivity from the new server to your mail server, possibly on port 25. Check the email settings on the old server. Try to run the mail command manually from search and see if it is working.

0 Karma

richgalloway
SplunkTrust

Perhaps a firewall is blocking connections from the RH6 server to the email server. Or the email server doesn't recognize the RH6 server and is refusing connections from it.

---
If this reply helps you, Karma would be appreciated.
0 Karma
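
An added example (not from the thread and not Splunk's own code): a Python sketch that pairs each `Sending email` line in python.log with the `[Errno 111]` error that follows it, reports which `server=` host was being contacted, and probes that host to tell a refused connection from a timeout. The sample log is constructed in the format of the excerpt in the question; the function names and the default port 25 (taken from the reply above) are assumptions.

```python
import re
import socket

# Constructed sample: two lines in the format of the python.log excerpt in the question.
SAMPLE_LOG = '''\
2016-02-25 09:10:47,407 -0500 ERROR     sendemail:115 - Sending email. subject="Splunk Alert: X", results_link="http://tlpsplu1:8000/app/search/@go?sid=abc", recipients="[u'userid@domain.com']", server="tlpsplu1.domain.net"
2016-02-25 09:10:47,407 -0500 ERROR     sendemail:378 - [Errno 111] Connection refused while sending mail to: userid@domain.com
'''

SEND_RE = re.compile(r'sendemail:\d+ - Sending email\..*results_link="https?://([^:/"]+).*server="([^"]+)"')
FAIL_RE = re.compile(r'sendemail:\d+ - \[Errno (\d+)\] (.+?) while sending mail to: (\S+)')

def failed_sends(log_text):
    """Pair each 'Sending email' line with the error line that follows it."""
    failures, pending = [], None
    for line in log_text.splitlines():
        m = SEND_RE.search(line)
        if m:
            pending = {"splunk_host": m.group(1), "mail_server": m.group(2)}
            continue
        m = FAIL_RE.search(line)
        if m and pending:
            pending.update(errno=int(m.group(1)), recipient=m.group(3))
            # True when the configured mail server is the Splunk host itself
            pending["mail_server_is_self"] = (
                pending["mail_server"].split(".")[0] == pending["splunk_host"].split(".")[0])
            failures.append(pending)
            pending = None
    return failures

def probe(host, port=25, timeout=5.0):
    """Classify a TCP connect attempt to the mail server."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except socket.timeout:
        return "timeout"   # no answer at all, typical of a firewall silently dropping packets
    except ConnectionRefusedError:
        return "refused"   # errno 111: no listener on that port, or an active reject
    except OSError as exc:
        return "error: %s" % exc
```

Run `probe()` from the new RH6 server against each `mail_server` value that `failed_sends()` returns. In the posted log the `server=` host and the `results_link` host share the short name `tlpsplu1`, which is the case the `mail_server_is_self` flag reports.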