Dashboards & Visualizations

Send a mail using sendemail command from search?

Shan
Builder

Hi All,

I need your help to resolve the issue below.
Using the query below, I am adding a button to a dashboard.
Clicking that button sends the information for that line to the user.
One of the changes to the query below is that I will use an official mail ID instead of a personal mail ID.

I am getting the following error:

command="sendemail", 'rootCAPath' while sending mail to: shankarananth@gmail.com

index=_internal  sendemail to="shankarananth@gmail.com" format=raw subject=myresults server=mail.splunk.com sendresults=true

Thanks in advance.

0 Karma

apietersen
Contributor

Update:

"sendemail" does not work for default users with default user-role capability.

The issue was reported back to me as solved in 8.1.3; unfortunately, it is not.

0 Karma

woodcock
Esteemed Legend

Are you saying that with some other email address it works, but with this email, it does not? In other words, does sendemail ever work for you? If not, check the error logs with this search:

index=_* sendemail AND (fail* OR err* OR timeout OR cannot OR incomplete OR invalid OR unknown OR reject* OR deni* OR deny)
0 Karma

harsmarvania57
SplunkTrust

Hi,

You need to send the results from index=_internal to the sendemail command, and for that you need to use a pipe |. Additionally, please use the correct mail server: in your query you have given mail.splunk.com, but do you have access to send email using mail.splunk.com? You need to use your company email server instead of mail.splunk.com.

Please try the query below:

index=_internal | sendemail to="shankarananth@gmail.com" format=raw subject=myresults server=mail.splunk.com sendresults=true
0 Karma

Shan
Builder

@harsmarvania57 ,

First of all, thanks for the reply.

By mistake I left out the | pipe between index=_internal and sendemail while posting the query.
It's not working. As you said, I will check for the company mail server and give it a try.

Thanks,
Shankar

0 Karma

mayurr98
Super Champion

Well, just a note: in order to use your company server name, you would need to whitelist the Splunk server IP in your company's mail server.

0 Karma

apietersen
Contributor

Hi,

Since some version (now using 8.1.2) I have had trouble using the 'sendemail' command in a search (dashboard/form) for users that have the standard user roles. This issue has been troubling me for almost 1.5 years now. Of course I am aware of the need to select 'list_settings', but I have never had any results. When selecting 'admin_all_objects' in the standard user role, it is successful.

But using 'admin_all_objects' for a standard user is nothing but a security breach. That cannot be the solution, so what am I missing here?

And why does Splunk not create a separate and straightforward capability for this 'sendemail' command?

Ashley Pietersen

0 Karma