<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Re: Alert emails via Office 365 in Alerting</title>
    <link>https://community.splunk.com/t5/Alerting/Alert-emails-via-Office-365/m-p/525816#M9869</link>
    <description>&lt;P&gt;As part of&amp;nbsp;&lt;A href="https://community.splunk.com/t5/forums/replypage/board-id/splunk-alerting/message-id/9866" target="_blank" rel="noopener"&gt;https://community.splunk.com/t5/forums/replypage/board-id/splunk-alerting/message-id/9866&lt;/A&gt;&amp;nbsp;, I upgraded the installation of Splunk Enterprise from v8.0.6 to v8.1.0 (latest as of writing). Due to &lt;A href="https://docs.splunk.com/Documentation/Splunk/8.1.0/ReleaseNotes/MeetSplunk" target="_self"&gt;the new feature Allowed Email Domains&lt;/A&gt;, this changed the error to the following:&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;LI-CODE lang="markup"&gt;2020-10-21 15:09:37,597 +0100 ERROR	sendemail:1599 - 'action.email.allowedDomainList'
Traceback (most recent call last):
  File "/opt/splunk/etc/apps/search/bin/sendemail.py", line 1592, in &amp;lt;module&amp;gt;
    results = sendEmail(results, settings, keywords, argvals)
  File "/opt/splunk/etc/apps/search/bin/sendemail.py", line 469, in sendEmail
    ssContent['action.email.allowedDomainList'] = ssContent['action.email.allowedDomainList'].strip()
KeyError: 'action.email.allowedDomainList'&lt;/LI-CODE&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&lt;span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="2020 ∕ 10 ∕ 21 15꞉17꞉36 - Search__Splunk_8.1.0_-_Google_Chrome.png" style="width: 999px;"&gt;&lt;img src="https://community.splunk.com/t5/image/serverpage/image-id/11413i548C45337A02F785/image-size/large?v=v2&amp;amp;px=999" role="button" title="2020 ∕ 10 ∕ 21 15꞉17꞉36 - Search__Splunk_8.1.0_-_Google_Chrome.png" alt="2020 ∕ 10 ∕ 21 15꞉17꞉36 - Search__Splunk_8.1.0_-_Google_Chrome.png" /&gt;&lt;/span&gt;Weirdly, &lt;FONT face="courier new,courier"&gt;/en-GB/manager/search/admin/alert_actions/email?action=edit&lt;/FONT&gt;&amp;nbsp;→&amp;nbsp;&lt;SPAN&gt;&lt;FONT face="courier new,courier"&gt;Allowed Domains&lt;/FONT&gt;&amp;nbsp;is marked with an asterisk as if it's required (which the above behaviour would suggest) but says&amp;nbsp;&lt;FONT face="courier new,courier"&gt;Leave empty for no restriction&lt;/FONT&gt;.&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&lt;span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="2020 ∕ 10 ∕ 21 15꞉25꞉33 - Settings__Splunk_-_Google_Chrome.png" style="width: 999px;"&gt;&lt;img src="https://community.splunk.com/t5/image/serverpage/image-id/11417i625B295469EDDA58/image-size/large?v=v2&amp;amp;px=999" role="button" title="2020 ∕ 10 ∕ 21 15꞉25꞉33 - Settings__Splunk_-_Google_Chrome.png" alt="2020 ∕ 10 ∕ 21 15꞉25꞉33 - Settings__Splunk_-_Google_Chrome.png" /&gt;&lt;/span&gt;&lt;/P&gt;&lt;P&gt;As this is a new feature, I just put this down to a bug, added our recipient domain name anyway, and verified that it pushed to the advanced settings of the alert but doing so didn't make a difference - the same errors continued.&lt;/P&gt;&lt;P&gt;&lt;span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="2020 ∕ 10 ∕ 21 15꞉48꞉30 - New_Incident__Splunk_8.1.0_-_Google_Chrome.png" style="width: 999px;"&gt;&lt;img src="https://community.splunk.com/t5/image/serverpage/image-id/11419i02E713342409CFCE/image-size/large?v=v2&amp;amp;px=999" role="button" title="2020 ∕ 10 ∕ 21 15꞉48꞉30 - New_Incident__Splunk_8.1.0_-_Google_Chrome.png" alt="2020 ∕ 10 ∕ 21 15꞉48꞉30 - New_Incident__Splunk_8.1.0_-_Google_Chrome.png" /&gt;&lt;/span&gt;&lt;/P&gt;&lt;P&gt;In file &lt;FONT face="courier new,courier"&gt;/opt/splunk/etc/apps/search/bin/sendemail.py&lt;/FONT&gt;, I added the lines beginning with &lt;FONT face="courier new,courier"&gt;logFile&lt;/FONT&gt; in the following block of code:&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;LI-CODE lang="markup"&gt;    logFile.write("ssContent action.email.allowedDomainList before: {}\n".format(ssContent.get('action.email.allowedDomainList')))
    logFile.write("alertContent allowedDomainList before: {}\n".format(alertContent.get('allowedDomainList')))
    ssContent['action.email.allowedDomainList'] = ssContent['action.email.allowedDomainList'].strip()
    logFile.write("ssContent action.email.allowedDomainList stripped: {}\n".format(ssContent.get('action.email.allowedDomainList')))
    if ssContent.get('action.email.allowedDomainList') != alertContent.get('allowedDomainList'):
        ssContent['action.email.allowedDomainList'] = alertContent['allowedDomainList']
        logger.warn("For alert=%s, the 'allowedDomainList' value is always obtained from alert_actions.conf."
                    "The allowedDomainList=%s" % (ssname, alertContent.get('allowedDomainList')))

    if alertContent.get('allowedDomainList') != "":
        if ssContent.get('action.email.mailserver') != alertContent.get('mailserver'):
            ssContent['action.email.mailserver'] = alertContent['mailserver']
            logger.warn("For alert=%s, if a 'allowedDomainList' is specified, it uses the 'mailserver'=%s in alert_actions.conf." %
                        (ssname, ssContent.get('action.email.mailserver')))

    logFile.write("action.email.allowedDomainList after: {}\n".format(ssContent.get('action.email.allowedDomainList')))
    logFile.write("alertContent allowedDomainList after: {}\n".format(alertContent.get('allowedDomainList')))&lt;/LI-CODE&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;The log file contains the following:&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;LI-CODE lang="markup"&gt;ssContent action.email.allowedDomainList before: None
alertContent allowedDomainList before: &amp;lt;my domain&amp;gt;
ssContent action.email.allowedDomainList before: None
alertContent allowedDomainList before: &amp;lt;my domain&amp;gt;
ssContent action.email.allowedDomainList before: None
alertContent allowedDomainList before: &amp;lt;my domain&amp;gt;&lt;/LI-CODE&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;So, given that it's not even getting passed &lt;FONT face="courier new,courier"&gt;.strip()&lt;/FONT&gt;, I can only assume that this is a bug.&lt;/P&gt;&lt;P&gt;Also, this 365 account was provisioned for me and I trust the person who did so but I thought I should check that the credentials are valid and found that the password was required to be changed. So, I've set a new password, verified access, and updated Splunk. However, doing so didn't make a difference either.&lt;/P&gt;</description>
    <pubDate>Wed, 21 Oct 2020 15:03:17 GMT</pubDate>
    <dc:creator>benhooper</dc:creator>
    <dc:date>2020-10-21T15:03:17Z</dc:date>
    <item>
      <title>Alert emails via Office 365</title>
      <link>https://community.splunk.com/t5/Alerting/Alert-emails-via-Office-365/m-p/525749#M9867</link>
      <description>&lt;P data-unlink="true"&gt;As per &lt;A href="https://docs.microsoft.com/en-us/exchange/mail-flow-best-practices/how-to-set-up-a-multifunction-device-or-application-to-send-email-using-microsoft-365-or-office-365#how-to-set-up-smtp-auth-client-submission" target="_blank" rel="noopener"&gt;https://docs.microsoft.com/en-us/exchange/mail-flow-best-practices/how-to-set-up-a-multifunction-device-or-application-to-send-email-using-microsoft-365-or-office-365#how-to-set-up-smtp-auth-client-submission&lt;/A&gt;&amp;nbsp;,&amp;nbsp; my email server settings are as follows:&lt;/P&gt;&lt;UL&gt;&lt;LI&gt;Mail host:&amp;nbsp;&lt;FONT face="courier new,courier"&gt;smtp.office365.com:587 &lt;/FONT&gt;(I've also tried using port 25 or omitting it entirely)&lt;/LI&gt;&lt;LI&gt;Email security: &lt;FONT face="courier new,courier"&gt;Enable TLS&lt;/FONT&gt;&lt;/LI&gt;&lt;LI&gt;Username: UPN of an Exchange Online-licensed 365 account.&lt;/LI&gt;&lt;LI&gt;Password:&amp;nbsp;Password of the same Exchange Online-licensed 365 account.&lt;/LI&gt;&lt;/UL&gt;&lt;P&gt;&lt;span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="2020 ∕ 10 ∕ 21 11꞉28꞉54 - Settings__Splunk_-_Google_Chrome.png" style="width: 999px;"&gt;&lt;img src="https://community.splunk.com/t5/image/serverpage/image-id/11421iB15DFFAAD04B707A/image-size/large?v=v2&amp;amp;px=999" role="button" title="2020 ∕ 10 ∕ 21 11꞉28꞉54 - Settings__Splunk_-_Google_Chrome.png" alt="2020 ∕ 10 ∕ 21 11꞉28꞉54 - Settings__Splunk_-_Google_Chrome.png" /&gt;&lt;/span&gt;&lt;/P&gt;&lt;P&gt;I created an alert normally and configured it to send an email:&lt;/P&gt;&lt;P&gt;&lt;span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="2020 ∕ 10 ∕ 21 11꞉30꞉07 - Searches,_reports,_and_alerts__Splunk_8.0.6_-_Goo.png" style="width: 800px;"&gt;&lt;img src="https://community.splunk.com/t5/image/serverpage/image-id/11400iE581903301F2F555/image-size/large?v=v2&amp;amp;px=999" role="button" title="2020 ∕ 10 ∕ 21 11꞉30꞉07 - Searches,_reports,_and_alerts__Splunk_8.0.6_-_Goo.png" alt="2020 ∕ 10 ∕ 21 11꞉30꞉07 - Searches,_reports,_and_alerts__Splunk_8.0.6_-_Goo.png" /&gt;&lt;/span&gt;&lt;/P&gt;&lt;P&gt;However, the log reports two problems (probably related):&lt;/P&gt;&lt;OL&gt;&lt;LI&gt;It's trying to use&amp;nbsp;&lt;FONT face="courier new,courier"&gt;server="localhost"&lt;/FONT&gt;.&lt;/LI&gt;&lt;LI&gt;&lt;FONT face="courier new,courier"&gt;SMTP AUTH extension not supported by server&lt;/FONT&gt;.&amp;nbsp;&lt;/LI&gt;&lt;/OL&gt;&lt;P&gt;&lt;span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="2020 ∕ 10 ∕ 21 11꞉35꞉55 - Search__Splunk_8.0.6_-_Google_Chrome.png" style="width: 999px;"&gt;&lt;img src="https://community.splunk.com/t5/image/serverpage/image-id/11401i585834D239C27E97/image-size/large?v=v2&amp;amp;px=999" role="button" title="2020 ∕ 10 ∕ 21 11꞉35꞉55 - Search__Splunk_8.0.6_-_Google_Chrome.png" alt="2020 ∕ 10 ∕ 21 11꞉35꞉55 - Search__Splunk_8.0.6_-_Google_Chrome.png" /&gt;&lt;/span&gt;&lt;/P&gt;&lt;P&gt;The advanced settings of the alert show that it is aware of the 365 SMTP server.&lt;/P&gt;&lt;P data-unlink="true"&gt;From&amp;nbsp;&lt;A href="https://community.splunk.com/t5/Alerting/How-to-get-Office-365-integrated-as-my-SMTP-server-for-Splunk/m-p/212800" target="_blank" rel="noopener"&gt;https://community.splunk.com/t5/Alerting/How-to-get-Office-365-integrated-as-my-SMTP-server-for-Splunk/m-p/212800&lt;/A&gt; ,&amp;nbsp;&amp;nbsp;I know it's normal to have to specify the server when using &lt;FONT face="courier new,courier"&gt;sendmail&lt;/FONT&gt; in a query and the advanced setting&amp;nbsp;&lt;FONT face="courier new,courier"&gt;action.email.command&lt;/FONT&gt; uses &lt;FONT face="courier new,courier"&gt;sendmail&lt;/FONT&gt; but doesn't reference the server so I appended&amp;nbsp; &lt;FONT face="courier new,courier"&gt;server=$action.email.mailserver$&lt;/FONT&gt;&amp;nbsp;and even explicitly &lt;FONT face="courier new,courier"&gt;server=smtp.office365.com:587&lt;/FONT&gt; but neither made a difference.&lt;/P&gt;&lt;P&gt;Can anyone help?&lt;/P&gt;</description>
      <pubDate>Wed, 21 Oct 2020 16:05:41 GMT</pubDate>
      <guid>https://community.splunk.com/t5/Alerting/Alert-emails-via-Office-365/m-p/525749#M9867</guid>
      <dc:creator>benhooper</dc:creator>
      <dc:date>2020-10-21T16:05:41Z</dc:date>
    </item>
    <item>
      <title>Re: Alert emails via Office 365</title>
      <link>https://community.splunk.com/t5/Alerting/Alert-emails-via-Office-365/m-p/525816#M9869</link>
      <description>&lt;P&gt;As part of&amp;nbsp;&lt;A href="https://community.splunk.com/t5/forums/replypage/board-id/splunk-alerting/message-id/9866" target="_blank" rel="noopener"&gt;https://community.splunk.com/t5/forums/replypage/board-id/splunk-alerting/message-id/9866&lt;/A&gt;&amp;nbsp;, I upgraded the installation of Splunk Enterprise from v8.0.6 to v8.1.0 (latest as of writing). Due to &lt;A href="https://docs.splunk.com/Documentation/Splunk/8.1.0/ReleaseNotes/MeetSplunk" target="_self"&gt;the new feature Allowed Email Domains&lt;/A&gt;, this changed the error to the following:&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;LI-CODE lang="markup"&gt;2020-10-21 15:09:37,597 +0100 ERROR	sendemail:1599 - 'action.email.allowedDomainList'
Traceback (most recent call last):
  File "/opt/splunk/etc/apps/search/bin/sendemail.py", line 1592, in &amp;lt;module&amp;gt;
    results = sendEmail(results, settings, keywords, argvals)
  File "/opt/splunk/etc/apps/search/bin/sendemail.py", line 469, in sendEmail
    ssContent['action.email.allowedDomainList'] = ssContent['action.email.allowedDomainList'].strip()
KeyError: 'action.email.allowedDomainList'&lt;/LI-CODE&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&lt;span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="2020 ∕ 10 ∕ 21 15꞉17꞉36 - Search__Splunk_8.1.0_-_Google_Chrome.png" style="width: 999px;"&gt;&lt;img src="https://community.splunk.com/t5/image/serverpage/image-id/11413i548C45337A02F785/image-size/large?v=v2&amp;amp;px=999" role="button" title="2020 ∕ 10 ∕ 21 15꞉17꞉36 - Search__Splunk_8.1.0_-_Google_Chrome.png" alt="2020 ∕ 10 ∕ 21 15꞉17꞉36 - Search__Splunk_8.1.0_-_Google_Chrome.png" /&gt;&lt;/span&gt;Weirdly, &lt;FONT face="courier new,courier"&gt;/en-GB/manager/search/admin/alert_actions/email?action=edit&lt;/FONT&gt;&amp;nbsp;→&amp;nbsp;&lt;SPAN&gt;&lt;FONT face="courier new,courier"&gt;Allowed Domains&lt;/FONT&gt;&amp;nbsp;is marked with an asterisk as if it's required (which the above behaviour would suggest) but says&amp;nbsp;&lt;FONT face="courier new,courier"&gt;Leave empty for no restriction&lt;/FONT&gt;.&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&lt;span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="2020 ∕ 10 ∕ 21 15꞉25꞉33 - Settings__Splunk_-_Google_Chrome.png" style="width: 999px;"&gt;&lt;img src="https://community.splunk.com/t5/image/serverpage/image-id/11417i625B295469EDDA58/image-size/large?v=v2&amp;amp;px=999" role="button" title="2020 ∕ 10 ∕ 21 15꞉25꞉33 - Settings__Splunk_-_Google_Chrome.png" alt="2020 ∕ 10 ∕ 21 15꞉25꞉33 - Settings__Splunk_-_Google_Chrome.png" /&gt;&lt;/span&gt;&lt;/P&gt;&lt;P&gt;As this is a new feature, I just put this down to a bug, added our recipient domain name anyway, and verified that it pushed to the advanced settings of the alert but doing so didn't make a difference - the same errors continued.&lt;/P&gt;&lt;P&gt;&lt;span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="2020 ∕ 10 ∕ 21 15꞉48꞉30 - New_Incident__Splunk_8.1.0_-_Google_Chrome.png" style="width: 999px;"&gt;&lt;img src="https://community.splunk.com/t5/image/serverpage/image-id/11419i02E713342409CFCE/image-size/large?v=v2&amp;amp;px=999" role="button" title="2020 ∕ 10 ∕ 21 15꞉48꞉30 - New_Incident__Splunk_8.1.0_-_Google_Chrome.png" alt="2020 ∕ 10 ∕ 21 15꞉48꞉30 - New_Incident__Splunk_8.1.0_-_Google_Chrome.png" /&gt;&lt;/span&gt;&lt;/P&gt;&lt;P&gt;In file &lt;FONT face="courier new,courier"&gt;/opt/splunk/etc/apps/search/bin/sendemail.py&lt;/FONT&gt;, I added the lines beginning with &lt;FONT face="courier new,courier"&gt;logFile&lt;/FONT&gt; in the following block of code:&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;LI-CODE lang="markup"&gt;    logFile.write("ssContent action.email.allowedDomainList before: {}\n".format(ssContent.get('action.email.allowedDomainList')))
    logFile.write("alertContent allowedDomainList before: {}\n".format(alertContent.get('allowedDomainList')))
    ssContent['action.email.allowedDomainList'] = ssContent['action.email.allowedDomainList'].strip()
    logFile.write("ssContent action.email.allowedDomainList stripped: {}\n".format(ssContent.get('action.email.allowedDomainList')))
    if ssContent.get('action.email.allowedDomainList') != alertContent.get('allowedDomainList'):
        ssContent['action.email.allowedDomainList'] = alertContent['allowedDomainList']
        logger.warn("For alert=%s, the 'allowedDomainList' value is always obtained from alert_actions.conf."
                    "The allowedDomainList=%s" % (ssname, alertContent.get('allowedDomainList')))

    if alertContent.get('allowedDomainList') != "":
        if ssContent.get('action.email.mailserver') != alertContent.get('mailserver'):
            ssContent['action.email.mailserver'] = alertContent['mailserver']
            logger.warn("For alert=%s, if a 'allowedDomainList' is specified, it uses the 'mailserver'=%s in alert_actions.conf." %
                        (ssname, ssContent.get('action.email.mailserver')))

    logFile.write("action.email.allowedDomainList after: {}\n".format(ssContent.get('action.email.allowedDomainList')))
    logFile.write("alertContent allowedDomainList after: {}\n".format(alertContent.get('allowedDomainList')))&lt;/LI-CODE&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;The log file contains the following:&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;LI-CODE lang="markup"&gt;ssContent action.email.allowedDomainList before: None
alertContent allowedDomainList before: &amp;lt;my domain&amp;gt;
ssContent action.email.allowedDomainList before: None
alertContent allowedDomainList before: &amp;lt;my domain&amp;gt;
ssContent action.email.allowedDomainList before: None
alertContent allowedDomainList before: &amp;lt;my domain&amp;gt;&lt;/LI-CODE&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;So, given that it's not even getting passed &lt;FONT face="courier new,courier"&gt;.strip()&lt;/FONT&gt;, I can only assume that this is a bug.&lt;/P&gt;&lt;P&gt;Also, this 365 account was provisioned for me and I trust the person who did so but I thought I should check that the credentials are valid and found that the password was required to be changed. So, I've set a new password, verified access, and updated Splunk. However, doing so didn't make a difference either.&lt;/P&gt;</description>
      <pubDate>Wed, 21 Oct 2020 15:03:17 GMT</pubDate>
      <guid>https://community.splunk.com/t5/Alerting/Alert-emails-via-Office-365/m-p/525816#M9869</guid>
      <dc:creator>benhooper</dc:creator>
      <dc:date>2020-10-21T15:03:17Z</dc:date>
    </item>
    <item>
      <title>Re: Alert emails via Office 365</title>
      <link>https://community.splunk.com/t5/Alerting/Alert-emails-via-Office-365/m-p/525832#M9874</link>
      <description>&lt;P&gt;As my dev / test instance of Splunk runs in a VM, I restored to the v8.0.6 snapshot, updated the SMTP credentials, and found that the problem and errors were unchanged.&lt;/P&gt;</description>
      <pubDate>Wed, 21 Oct 2020 15:10:53 GMT</pubDate>
      <guid>https://community.splunk.com/t5/Alerting/Alert-emails-via-Office-365/m-p/525832#M9874</guid>
      <dc:creator>benhooper</dc:creator>
      <dc:date>2020-10-21T15:10:53Z</dc:date>
    </item>
    <item>
      <title>Re: Alert emails via Office 365</title>
      <link>https://community.splunk.com/t5/Alerting/Alert-emails-via-Office-365/m-p/525988#M9877</link>
      <description>&lt;P&gt;For testing,&amp;nbsp;I set up the following new environment:&lt;/P&gt;&lt;UL&gt;&lt;LI&gt;OS: Ubuntu Server 20.04&lt;/LI&gt;&lt;LI&gt;Splunk: Enterprise (full 2-month trial) 8.1.0&lt;/LI&gt;&lt;LI&gt;Alert:&lt;SPAN&gt;&amp;nbsp;&lt;/SPAN&gt;Exactly the same (installed as part of TA app)&lt;/LI&gt;&lt;LI&gt;Email server:&lt;SPAN&gt;&amp;nbsp;&lt;/SPAN&gt;&lt;FONT face="courier new,courier"&gt;smtp.office365.com:587&lt;/FONT&gt;&lt;/LI&gt;&lt;LI&gt;Email account credentials: Exactly the same&lt;/LI&gt;&lt;/UL&gt;&lt;P&gt;It works absolutely fine.&lt;/P&gt;&lt;P&gt;So, are all these problems a hidden limitation of the dev / test license?&lt;/P&gt;</description>
      <pubDate>Thu, 22 Oct 2020 08:16:40 GMT</pubDate>
      <guid>https://community.splunk.com/t5/Alerting/Alert-emails-via-Office-365/m-p/525988#M9877</guid>
      <dc:creator>benhooper</dc:creator>
      <dc:date>2020-10-22T08:16:40Z</dc:date>
    </item>
    <item>
      <title>Re: Alert emails via Office 365</title>
      <link>https://community.splunk.com/t5/Alerting/Alert-emails-via-Office-365/m-p/542147#M10277</link>
      <description>&lt;P&gt;I have the same issue, from version 7.3 , with every new version (now 8.1.2)&amp;nbsp; I hope this would be solved.&lt;BR /&gt;Sendemail works only when you set the "Admin_All_Object" capability, but that is in fact a security breach for the regular user&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Wed, 03 Mar 2021 12:40:53 GMT</pubDate>
      <guid>https://community.splunk.com/t5/Alerting/Alert-emails-via-Office-365/m-p/542147#M10277</guid>
      <dc:creator>apietersen</dc:creator>
      <dc:date>2021-03-03T12:40:53Z</dc:date>
    </item>
    <item>
      <title>Re: Alert emails via Office 365</title>
      <link>https://community.splunk.com/t5/Alerting/Alert-emails-via-Office-365/m-p/542148#M10278</link>
      <description>&lt;P&gt;&lt;SPAN class="t"&gt;exactly the same error in lines in pyhton.log&lt;BR /&gt;&lt;BR /&gt;2021-03-03&lt;/SPAN&gt; &lt;SPAN class="t"&gt;13:26:49&lt;/SPAN&gt;&lt;SPAN&gt;,&lt;/SPAN&gt;&lt;SPAN class="t"&gt;738&lt;/SPAN&gt;&lt;SPAN&gt; +&lt;/SPAN&gt;&lt;SPAN class="t"&gt;0100&lt;/SPAN&gt; &lt;SPAN class="t"&gt;ERROR&lt;/SPAN&gt; &lt;SPAN class="t"&gt;&lt;SPAN class="t a"&gt;sendemail&lt;/SPAN&gt;:1600&lt;/SPAN&gt; &lt;SPAN class="t"&gt;-&lt;/SPAN&gt;&lt;SPAN&gt; '&lt;/SPAN&gt;&lt;SPAN class="t"&gt;action.email.allowedDomainList&lt;/SPAN&gt;&lt;SPAN&gt;' &lt;/SPAN&gt;&lt;SPAN class="t"&gt;Traceback&lt;/SPAN&gt;&lt;SPAN&gt; (&lt;/SPAN&gt;&lt;SPAN class="t"&gt;most&lt;/SPAN&gt; &lt;SPAN class="t h"&gt;recent&lt;/SPAN&gt; &lt;SPAN class="t"&gt;call&lt;/SPAN&gt; &lt;SPAN class="t"&gt;last&lt;/SPAN&gt;&lt;SPAN&gt;)&lt;/SPAN&gt;&lt;SPAN class="t"&gt;:&lt;/SPAN&gt; &lt;SPAN class="t"&gt;File&lt;/SPAN&gt;&lt;SPAN&gt; "&lt;/SPAN&gt;&lt;SPAN class="t"&gt;D:\Program&lt;/SPAN&gt; &lt;SPAN class="t"&gt;Files\Splunk\etc\apps\search\bin\&lt;SPAN class="t a"&gt;sendemail&lt;/SPAN&gt;.py&lt;/SPAN&gt;&lt;SPAN&gt;", &lt;/SPAN&gt;&lt;SPAN class="t"&gt;line&lt;/SPAN&gt; &lt;SPAN class="t"&gt;1593&lt;/SPAN&gt;&lt;SPAN&gt;, &lt;/SPAN&gt;&lt;SPAN class="t"&gt;in&lt;/SPAN&gt;&lt;SPAN&gt; &amp;lt;&lt;/SPAN&gt;&lt;SPAN class="t"&gt;module&lt;/SPAN&gt;&lt;SPAN&gt;&amp;gt; &lt;/SPAN&gt;&lt;SPAN class="t"&gt;results&lt;/SPAN&gt; &lt;SPAN class="t"&gt;=&lt;/SPAN&gt; &lt;SPAN class="t a"&gt;&lt;SPAN class="t"&gt;sendEmail&lt;/SPAN&gt;&lt;/SPAN&gt;&lt;SPAN&gt;(&lt;/SPAN&gt;&lt;SPAN class="t"&gt;results&lt;/SPAN&gt;&lt;SPAN&gt;, &lt;/SPAN&gt;&lt;SPAN class="t"&gt;settings&lt;/SPAN&gt;&lt;SPAN&gt;, &lt;/SPAN&gt;&lt;SPAN class="t"&gt;keywords&lt;/SPAN&gt;&lt;SPAN&gt;, &lt;/SPAN&gt;&lt;SPAN class="t"&gt;argvals&lt;/SPAN&gt;&lt;SPAN&gt;) &lt;/SPAN&gt;&lt;SPAN class="t"&gt;File&lt;/SPAN&gt;&lt;SPAN&gt; "&lt;/SPAN&gt;&lt;SPAN class="t"&gt;D:\Program&lt;/SPAN&gt; &lt;SPAN class="t"&gt;Files\Splunk\etc\apps\search\bin\&lt;SPAN class="t a"&gt;sendemail&lt;/SPAN&gt;.py&lt;/SPAN&gt;&lt;SPAN&gt;", &lt;/SPAN&gt;&lt;SPAN class="t"&gt;line&lt;/SPAN&gt; &lt;SPAN class="t"&gt;469&lt;/SPAN&gt;&lt;SPAN&gt;, &lt;/SPAN&gt;&lt;SPAN class="t"&gt;in&lt;/SPAN&gt; &lt;SPAN class="t a"&gt;&lt;SPAN class="t"&gt;sendEmail&lt;/SPAN&gt;&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Wed, 03 Mar 2021 12:43:36 GMT</pubDate>
      <guid>https://community.splunk.com/t5/Alerting/Alert-emails-via-Office-365/m-p/542148#M10278</guid>
      <dc:creator>apietersen</dc:creator>
      <dc:date>2021-03-03T12:43:36Z</dc:date>
    </item>
    <item>
      <title>Re: Alert emails via Office 365</title>
      <link>https://community.splunk.com/t5/Alerting/Alert-emails-via-Office-365/m-p/542149#M10279</link>
      <description>&lt;P&gt;Splunk support suggest the following:&lt;/P&gt;&lt;P&gt;I was reviewing the know issues list and I found the issue number SPL-138647, See the link below for more information.&lt;/P&gt;&lt;P&gt;&lt;A href="https://docs.splunk.com/Documentation/Splunk/8.1.2/ReleaseNotes/KnownIssues" target="_blank"&gt;https://docs.splunk.com/Documentation/Splunk/8.1.2/ReleaseNotes/KnownIssues&lt;/A&gt;&lt;/P&gt;</description>
      <pubDate>Wed, 03 Mar 2021 12:44:45 GMT</pubDate>
      <guid>https://community.splunk.com/t5/Alerting/Alert-emails-via-Office-365/m-p/542149#M10279</guid>
      <dc:creator>apietersen</dc:creator>
      <dc:date>2021-03-03T12:44:45Z</dc:date>
    </item>
    <item>
      <title>Re: Alert emails via Office 365</title>
      <link>https://community.splunk.com/t5/Alerting/Alert-emails-via-Office-365/m-p/542150#M10280</link>
      <description>&lt;P&gt;After trying up/down, left/right, no succes sofar.&lt;/P&gt;</description>
      <pubDate>Wed, 03 Mar 2021 12:46:16 GMT</pubDate>
      <guid>https://community.splunk.com/t5/Alerting/Alert-emails-via-Office-365/m-p/542150#M10280</guid>
      <dc:creator>apietersen</dc:creator>
      <dc:date>2021-03-03T12:46:16Z</dc:date>
    </item>
  </channel>
</rss>

