Alerting
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Email alert error "command="sendemail" [Errno 10060] A connection attempt failed because the connected party did not properly respond after a period of time"?

boopaljothi
Explorer
‎01-28-2016 05:46 PM

I have installed hmail server in my personal laptop as mail server and have configured an account. Now trying to send an email alert to my personal gmail account using the same, but I am unable to send. I am trying to send email using the search command and getting the below error

Search:

index=main | head 5 | sendemail to=xxxx@gmail.com server=mail.mydomain.com subject="Here is an email notification" message="This is an example message" sendresults=true inline=true format=raw

Error:

command="sendemail", [Errno 10060] A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond while sending mail to: XXXX@gmail.com

There are no errors in the splunkd log and I see the same error message in python.log. Please let me know what could be issue.

Tags (3)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

rakeshh123
Path Finder
‎01-28-2016 08:20 PM

Hello boopaljothi ,
Please check whether u have configured the following settings ......
Go to server settings -----> email settings ----->
Host:smtp.gmail.com:465
enable ssl
Email: x@gmail.com
password:******
save and restart
and use https: in the url( ssl is enabled) Now
If u r not getting mail after restart then go to
1.Gmail --------> Settings -----------> Forwarding and POP/IMAP---------> IMAP Access------>
IMAP Access: enable it ......

2.Gmail --------> Myaccount -----------> Sign-in & security----------> Connected apps & sites------>Allow less secure apps: enable it .......

let me know if it helps

View solution in original post

Reply
Solved! Jump to solution
Solution

rakeshh123
Path Finder
‎01-28-2016 08:20 PM

Hello boopaljothi ,
Please check whether u have configured the following settings ......
Go to server settings -----> email settings ----->
Host:smtp.gmail.com:465
enable ssl
Email: x@gmail.com
password:******
save and restart
and use https: in the url( ssl is enabled) Now
If u r not getting mail after restart then go to
1.Gmail --------> Settings -----------> Forwarding and POP/IMAP---------> IMAP Access------>
IMAP Access: enable it ......

2.Gmail --------> Myaccount -----------> Sign-in & security----------> Connected apps & sites------>Allow less secure apps: enable it .......

let me know if it helps

Reply
Solved! Jump to solution

boopaljothi
Explorer
‎01-30-2016 11:17 PM

hello rakesh -

thanks for the help. It worked for inline command in search.
below command worked and mail was received.
index=main | head 5 | sendemail to=xxxx@gmail.com server=smtp.gmail.com:465 subject="Here is an email notification" message="This is an example message" sendresults=true inline=true format=raw use_ssl=1

but scheduled alert is still taking the mail server incorrectly. i have tried updating the settings in emails settings and restarted the splunk. also checked the alert_actions.conf and it is set fine.

python log for scheduled alert:

2016-01-31 01:13:10,979 CST ERROR sendemail:115 - Sending email. subject="Splunk Alert: Server error", results_link="http://Boopal-MindPalace:8000/app/search/@go?sid=scheduler__admin__search__RMD5d4bfbc9a7af21f58_at_1...", recipients="[u's.boopal@xxxx']", server="mail.mydomain.com"
2016-01-31 01:13:10,980 CST ERROR sendemail:378 - [Errno 10061] No connection could be made because the target machine actively refused it while sending mail to: xxxx@gmail.com

0 Karma
Reply
Solved! Jump to solution

rakeshh123
Path Finder
‎01-31-2016 08:39 PM

hello boopaljoti,
Let me know if u r scheduled alert is triggering any alerts ........You can check triggered alerts in Activity....Also see in search reports and alerts----------> whether alert mode is once per result /once per search .........understand the difference between them....make sure the severity is set to critical( i don't why ,but it worked for me).....

No connection could be made because the target machine actively refused it while sending mail to: xxxx@gmail.com: this may be due to u r trying to connect to another server .... in the first setting i specified
Go to server settings -----> email settings ----->Host :port........Give your required sever..

I can see ur link is HTTP not HTTPS......is ssl enabled ?

  let me know ....
0 Karma
Reply
Solved! Jump to solution

boopaljothi
Explorer
‎01-31-2016 08:43 PM

hello rakesh

issue has been resolved after i updated the gmail port to 465 and used ssl.

0 Karma
Reply
Solved! Jump to solution

rakeshh123
Path Finder
‎02-01-2016 11:35 PM

Regards
Rakesh
Vedicsoft Technologies

0 Karma
Reply
Solved! Jump to solution

boopaljothi
Explorer
‎01-31-2016 08:38 PM

i found the issue. it seems that savedsearches.conf was not updated. so i updated and it started working fine.

one clarifiication that i would need is in some blogs it is said to use port 587 and in some 465. what is the difference between the two.

0 Karma
Reply
Get Updates on the Splunk Community!

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

Take a look below to explore our upcoming Community Office Hours, Tech Talks, and Webinars this month. This ...

They're back! Join the SplunkTrust and MVP at .conf24

With our highly anticipated annual conference, .conf, comes the fez-wearers you can trust! The SplunkTrust, as ...

Enterprise Security Content Update (ESCU) | New Releases

Last month, the Splunk Threat Research Team had two releases of new security content via the Enterprise ...