Splunk alert is triggered but not sending the emai...

mufthmu · ‎01-09-2020

I set up a new splunk instance on my local machine, created a dummy alert but it did not send me any notification email even though it was triggered.
any idea what might cause this issue in the alert_actions.conf file?
thanks!

gcusello · ‎01-09-2020

Hi @mufthmu,
at first check if your Splunk Search Head reach the SMTP server on port you enabled (e.g. 465) using telnet from SH (telnet IP_SMTP_Server 465).
Then did you configured SMTP Server (as @arjunpkishore5 said) in [Setting -- Server Settings -- eMail Settings]?

If the above checks are Ok, check the dimension of your message and attachment, if one of them exceeds the eMail limits, it will be blocked.

Ciao.
Giuseppe

Praz_123 · ‎11-06-2023

@gcusello

Same issue am facing as i had checked above solution worked on that it is working fine ,Till September received(email notification ) the report for the alert triggered but it is stopped from October.

what could be the issue ??

arjunpkishore5 · ‎01-09-2020

Have you setup the SMTP server settings ?

Check the mailserver section in alert_actions.conf - https://docs.splunk.com/Documentation/Splunk/7.3.1/Admin/Alertactionsconf

Splunk alert is triggered but not sending the email

Introducing the Splunk Community Dashboard Challenge!

Wondering How to Build Resiliency in the Cloud?

Updated Data Management and AWS GDI Inventory in Splunk Observability