- Splunk Answers
- :
- Using Splunk
- :
- Alerting
- :
- Why is sendemail not using correct mailserver?
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Why is sendemail not using correct mailserver?
Hello,
I've been trying to get my splunk instance to send out email alerts using Amazon SES SMTP server without much luck.
The error in my python.log file seems to suggest that it is not collecting the correct server I have configured under Settings -> Server settings -> Email settings - or alert_actions.conf
The error being:
ERROR sendemail:142 - Sending email. ... server="localhost"
ERROR sendemail:473 - [Errno 111] Connection refused while sending mail to: email@domain.com
oddly enough, it gathers email@domain.com just fine as defined in my alert definition.
I've seen other posts on here suggesting that values in savedsearches.conf can override the action.email.mailserver configuration, but I see no such file in my local config directory or any other suggestion of a conflict for action.email.mailserver
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
you can check with btool if some app override the setting by unsetting the value:
/opt/splunk/bin/splunk btool savesearches list --debug|grep mailserver
/opt/splunk/bin/splunk btool alert_actions list --debug|grep mailserver
savedsearches.conf:
action.email.mailserver = <string>
* Set the address of the MTA server to be used to send the emails.
* Defaults to <LOCALHOST>
(or the 'mailserver' setting in alert_actions.conf file)
alert_actions.conf:
mailserver = <host>[:<port>]
* You must have a Simple Mail Transfer Protocol (SMTP) server available
to send email. This is not included with Splunk.
* Specifies the SMTP mail server to use when sending emails.
* <host> can be either the hostname or the IP address.
* Optionally, specify the SMTP <port> that Splunk should connect to.
* When the 'use_ssl' setting (see below) is set to 1 (true), you
must specify both <host> and <port>.
(Example: "example.com:465")
* Default: $LOCALHOST:25
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hey, thanks for the response!
running these both gave me
/opt/splunk/bin/splunkd: error while loading shared libraries: libjemalloc.so.2: cannot open shared object file: No such file or directory
EDIT: Disregard, misread the commands you provided. no results for the first command, the second command spits out the correct smtp server that I'm expecting. No overwrites.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
does setting smtp server in savedsearches.conf helps?
Introducing the 2024 SplunkTrust!
Introducing the 2024 Splunk MVPs!
Splunk Custom Visualizations App End of Life
