Reporting

Sending Email using sendemail works, but not from scheduled search

fbustamantes
Explorer

Hello,

I'm trying to configure a splunk server to send alerts via email. However, I can't seem able to make it work correctly.

The funny thing is that if I try a splunk search from the GUI with the "sendemail" command, it works fine and I get the email, but if I try to schedule the same search, emails don't arrive.

I have checked all the logs, and everything seems to be ok, I don't see any errors or whatever.

Anyone have faced something like this? What else can I troubleshoot to see where the problem is?

Thanks in advance for your help.

Best regards

Tags (1)

ben363
Path Finder

I have the opposite problem. Works from scheduled search, not from the script.

By adding debug to sendemail.py I can confirm that when running from sendemail, it doesn't pick up the config that was set using the GUI. When running from scheduled search, it does.

Strangely, I have two saved searches - one uses a value for action.email.mailserver from users/ben363/search/local/savedsearches.conf. The other saved search (same file) doesn't have that value - it uses the value from system/local/alert_actions.conf

0 Karma

flle
Path Finder

I also have the same issue. Would be nice to know if this is a bug or works as designed?
Maybe it would interfere with the scheduled search/alert mailing functionality? Functionality is almost identical, however, in the scheduled search mail alerting, one cannot set the mail sender (from). This is always the globaly definied mail sender. So a working sendemail command in scheduled searches would be helpful.

0 Karma

Navanitha
Path Finder

Hi,
I am facing the same problem. Sendmail command is not working with scheduled reports. I do not have "username" anywhere in my search. Can you tell how this was resolved at your end?

Thanks.

0 Karma

supersleepwalke
Communicator

I had this problem when the following string was somewhere in my search:

username=

The sendemail.py script was not properly escaping the search string, and that part of my search was actually changing the username field within sendemail.py, causing it to try authenticating to the SMTP server. (You can see the authentication errors in /opt/splunk/var/log/splunk/python.log ). I was able to fix it by using something other than username in my search.

Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...