Alerting
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

After upgrade, emails are not being sent on triggered alerts.

scottrunyon
Contributor
‎02-10-2022 09:54 AM

After the upgrade of Splunk Enterprise to 8.2.4, several triggered alerts with tokens are no longer sending out emails.   

Looking at splunkd.log, there is a warning message concerning the alert

02-10-2022 10:02:28.244 -0600 WARN Pathname [15448 AlertNotifierWorker-0] - Pathname 'E:\Splunk\bin\Python3.exe E:\Splunk\etc\apps\search\bin\sendemail.py "results_link= "ssname=Password Reset Reminder" "graceful=True" "trigger_time=1644508948" results_file="E:\Splunk\var\run\splunk\dispatch\scheduler__srunyonadm__search__RMD5c5f30383081059ef_at_1644508800_24883\results.csv.gz" "is_stream_malert=False"' larger than MAX_PATH, callers: call_sites=[0xd4d290, 0xd4f001, 0x15d1632, 0x15ce217, 0x1439f53, 0x13c8176, 0x71f406, 0x71ea9e, 0x71e899, 0x6eaeeb, 0x70c3c5]

I am concerned with the "larger thanMAX_PATH" message because Splunk doc states - 

"The Windows API has a path limitation of MAX_PATH which Microsoft defines as 260 characters including the drive letter, colon, backslash, 256-characters for the path, and a null terminating character. Windows cannot address a file path that is longer than this, and if Splunk software creates a file with a path length that is longer than MAX_PATH, it cannot retrieve the file later. There is no way to change this configuration."

What can be done to get this working again?

Regards,

Scott Runyon

Labels (1)
Labels
0 Karma
Reply

nilankarunaratn
Observer
‎03-16-2024 04:39 PM

Scott,

Did you find a fix or workaround for this?  I am having the exact same issue.

0 Karma
Reply

VatsalJagani
SplunkTrust
SplunkTrust
‎03-17-2024 09:05 AM

Workaround? - Use Linux if possible.

 

0 Karma
Reply

VatsalJagani
SplunkTrust
SplunkTrust
‎02-11-2022 12:06 AM

I've heard this before and people say this is unnecessarily restricted path length on Windows.

https://docs.microsoft.com/en-us/windows/win32/fileio/maximum-file-path-limitation?tabs=cmd

Here is what Microsoft says about it. Search for some solution on the Windows side, I don't there is anything we can do on the Splunk side.

If possible switch to Linux is another option.

0 Karma
Reply
Get Updates on the Splunk Community!

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

Take a look below to explore our upcoming Community Office Hours, Tech Talks, and Webinars this month. This ...

They're back! Join the SplunkTrust and MVP at .conf24

With our highly anticipated annual conference, .conf, comes the fez-wearers you can trust! The SplunkTrust, as ...

Enterprise Security Content Update (ESCU) | New Releases

Last month, the Splunk Threat Research Team had two releases of new security content via the Enterprise ...