
Splunk alert mail is in plain text

c155969
New Member

I have configured an alert in Splunk Enterprise 6.6.3.
The alert itself works and I get the email.
But the email content is wrong; it looks like:

From: no.reply@test.com
Date: Mon, 21 May 2018 12:01:01 +0200
X-Priority: 3
X-Splunk-Name: My test error
X-Splunk-Owner: splunkuser
X-Splunk-App: TEST
X-Splunk-SID: scheduler_splunkuserTEST_RMD5f5ddfff38b8f486c_at_1526896860_9502
X-Splunk-ServerName: splunkserver
X-Splunk-Version: 6.6.3
X-Splunk-Build: e21ee54bc796
X-CompuMailGateway: Version: 6.00.4.17261.x86_64 COMPUMAIL Date: 20180521100101Z
Content-Type: multipart/mixed; boundary="===============1519125244710537315=="
This is a multi-part message in MIME format.
--===============1519125244710537315==
Content-Type: multipart/alternative;
boundary="===============0576424335523694884=="
MIME-Version: 1.0
--===============0576424335523694884==
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
VGhlIGFsZXJ0IGNvbmRpdGlvbiBmb3IgJ015IHRlc3QgZXJyb3InIHdhcyB0cmlnZ2VyZWQgaW4gVEVTVCBlbnZpcm9ubWVudC4NCg0KYW4gcmVjZWl2ZXI6DQpPbi4u

What am I doing wrong?

0 Karma

c155969
New Member

Thanks for the answer. I checked this and do not see any content_type settings at all.
However, when I change the alert action in the Splunk GUI to 'Plain Text', then I see the following when running btool:

/opt/splunk/etc/apps/TEST/local/savedsearches.conf action.email.content_type = plain

As soon as I switch the alert type setting back to 'HTML & plain Text' in the GUI, the content_type setting disappears.
Is html the default?

0 Karma

somesoni2
Revered Legend

Check what content_type is set for your alert email. You can run the btool command on the search head where that alert search exists and see.

$SPLUNK_HOME/bin/splunk btool savedsearches list "YourAlertSearchNameHere" --debug

content_type = [html|plain]
* Specify the content type of the email.
  * plain sends email as plain text
  * html sends email as a multipart email that include both text and html.
0 Karma
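
To see what an alert mail like the one in the question actually contains, one option is to walk its MIME tree, decode each leaf part, and check which part a client that prefers HTML would render. This is an added example, not code from the thread or from Splunk; the sample message is constructed from the question's headers and base64 text, and the boundary names, blank separator lines and HTML part are assumptions.

```python
import email
from email import policy

# Constructed sample. Header names and the base64 text come from the question;
# boundary names, blank separator lines and the HTML part are assumed.
SAMPLE = "\r\n".join([
    "From: no.reply@test.com",
    "X-Splunk-Name: My test error",
    "MIME-Version: 1.0",
    'Content-Type: multipart/mixed; boundary="OUTER"',
    "",
    "This is a multi-part message in MIME format.",
    "--OUTER",
    'Content-Type: multipart/alternative; boundary="INNER"',
    "",
    "--INNER",
    'Content-Type: text/plain; charset="utf-8"',
    "Content-Transfer-Encoding: base64",
    "",
    "VGhlIGFsZXJ0IGNvbmRpdGlvbiBmb3IgJ015IHRlc3QgZXJyb3InIHdhcyB0cmlnZ2VyZWQgaW4gVEVTVCBlbnZpcm9ubWVudC4NCg0KYW4gcmVjZWl2ZXI6DQpPbi4u",
    "--INNER",
    'Content-Type: text/html; charset="utf-8"',
    "",
    "<p>constructed HTML part</p>",
    "--INNER--",
    "--OUTER--",
    "",
]).encode("ascii")


def mime_parts(raw: bytes):
    """Return (content type, decoded text or None) for every node in the MIME tree."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    return [
        (p.get_content_type(), None if p.is_multipart() else p.get_content())
        for p in msg.walk()
    ]


def displayed_part(raw: bytes, prefer=("html", "plain")):
    """Content type of the body part a client with this preference order would render."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=prefer)
    return body.get_content_type() if body is not None else None


if __name__ == "__main__":
    for ctype, text in mime_parts(SAMPLE):
        print(ctype, "->", repr(text))
    print("rendered:", displayed_part(SAMPLE))
```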