sendemail after alert fails

reallyliri · ‎11-12-2018

From /opt/splunk/var/log/splunk/python.log:

2018-11-12 14:29:08,776 +0000 ERROR sendemail:137 - Sending email. subject="Splunk Alert: Errors in develop", results_link="https://localhost:8000/app/search/@go?sid=rt_scheduler__admin__search__RMD58e26482826eced90_at_1542024571_26.426", recipients="[u'my_email@gmail.com']", server="localhost"
2018-11-12 14:29:08,776 +0000 ERROR sendemail:458 - [Errno 99] Cannot assign requested address while sending mail to: my_email@gmail.com

My /opt/splunk/etc/system/local/alert_actions.conf:

[email]
auth_password = XXX
auth_username = my_email@gmail.com
hostname = localhost
mailserver = smtp.gmail.com:465
pdf.header_left = none
pdf.header_right = none
use_ssl = 1

what configuration am I missing? errno 99 is EADDRNOTAVAIL , not clear what is not available, is it the server="localhost" in the error log? where should I set it?

reallyliri · ‎11-14-2018

I ended up editing /opt/splunk/etc/apps/search/bin/sendemail.py, don't see whats wrong with the configuration or why this isn't working out-of-the-box.

richgalloway · ‎11-15-2018

@reallyliri If your problem is resolved, please edit your answer to explain the edits you made to resolve it. Then accept the answer so future readers with the same problem can find your solution.

---
If this reply helps you, Karma would be appreciated.

reallyliri · ‎11-12-2018

sending mail from query works fine: ... | sendemail to="my_email@gmail.com" format=raw sendresults=1 footer="Sent from Splunk." from="SplunkAlerts" subject="Splunk Alert" message="The following Splunk Alert has been fired:"

sendemail after alert fails

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases