Reporting
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Email alerts only sending some emails

jdhart1312
Loves-to-Learn
‎02-27-2024 05:49 AM

We got the email alert notifications running in Splunk and the configuration the same across all of the alerts but only some of them actually send an email. We have a separate page where we can see all of the alerts but we don't see all of them come across our emails. All of the alerts are configured the same way as seen below: 

jdhart1312_2-1709041542796.png

I'm not understanding why the email notifications only work for certain alerts when we can see all of the alerts on our dashboard and they're all configured the same. 

Labels (1)
Labels
Tags (1)
0 Karma
Reply

kiran_panchavat
Contributor
‎02-27-2024 08:34 AM

@jdhart1312 

Check for Errors: Search the _internal index for any email-related errors or warnings. Use the following search query:

index=_* AND (SMTP OR sendemail OR email) AND (FAIL* OR ERR* OR TIMEOUT OR CANNOT OR REFUSED OR REJECTED)

Reply

kiran_panchavat
Contributor
‎02-27-2024 08:33 AM

@jdhart1312 It seems like you’re experiencing an issue with email alert notifications in Splunk. 

First, ensure that the user account associated with the alerts has the necessary permissions to send emails. Sometimes, issues arise due to permission restrictions. Verify that the user has the appropriate access.

Test with |sendemail Command: Run an ad-hoc test using the | sendemail command in your search query. This will help verify if emails are being sent correctly. If you receive the expected results via email, it indicates that the email functionality is working, and the issue might be specific to your alerts.

Ensure that the dimensions of any attachments (such as PDFs) do not exceed the email attachment size limit. Large attachments may cause email delivery problems.

Email notification action - Splunk Documentation

 

Reply

jdhart1312
Loves-to-Learn
‎02-27-2024 10:58 AM

I followed all of the steps and I'm not seeing anything in Splunk for these email logs. Doing | sendemail also did nothing. Some alerts work perfectly fine but others don't. Configuration is identical too. 

0 Karma
Reply
Get Updates on the Splunk Community!

Database Performance Sidebar Panel Now on APM Database Query Performance & Service ...

We’ve streamlined the troubleshooting experience for database-related service issues by adding a database ...

IM Landing Page Filter - Now Available

We’ve added the capability for you to filter across the summary details on the main Infrastructure Monitoring ...

Dynamic Links from Alerts to IM Navigators - New in Observability Cloud

Splunk continues to improve the troubleshooting experience in Observability Cloud with this latest enhancement ...