Alerting
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

After upgrade, emails are not being sent on triggered alerts.

scottrunyon
Contributor
‎02-10-2022 09:54 AM

After the upgrade of Splunk Enterprise to 8.2.4, several triggered alerts with tokens are no longer sending out emails.   

Looking at splunkd.log, there is a warning message concerning the alert

02-10-2022 10:02:28.244 -0600 WARN Pathname [15448 AlertNotifierWorker-0] - Pathname 'E:\Splunk\bin\Python3.exe E:\Splunk\etc\apps\search\bin\sendemail.py "results_link= "ssname=Password Reset Reminder" "graceful=True" "trigger_time=1644508948" results_file="E:\Splunk\var\run\splunk\dispatch\scheduler__srunyonadm__search__RMD5c5f30383081059ef_at_1644508800_24883\results.csv.gz" "is_stream_malert=False"' larger than MAX_PATH, callers: call_sites=[0xd4d290, 0xd4f001, 0x15d1632, 0x15ce217, 0x1439f53, 0x13c8176, 0x71f406, 0x71ea9e, 0x71e899, 0x6eaeeb, 0x70c3c5]

I am concerned with the "larger thanMAX_PATH" message because Splunk doc states - 

"The Windows API has a path limitation of MAX_PATH which Microsoft defines as 260 characters including the drive letter, colon, backslash, 256-characters for the path, and a null terminating character. Windows cannot address a file path that is longer than this, and if Splunk software creates a file with a path length that is longer than MAX_PATH, it cannot retrieve the file later. There is no way to change this configuration."

What can be done to get this working again?

Regards,

Scott Runyon

Labels (1)
Labels
0 Karma
Reply

nilankarunaratn
Observer
‎03-16-2024 04:39 PM

Scott,

Did you find a fix or workaround for this?  I am having the exact same issue.

0 Karma
Reply

VatsalJagani
SplunkTrust
SplunkTrust
‎03-17-2024 09:05 AM

Workaround? - Use Linux if possible.

 

0 Karma
Reply

VatsalJagani
SplunkTrust
SplunkTrust
‎02-11-2022 12:06 AM

I've heard this before and people say this is unnecessarily restricted path length on Windows.

https://docs.microsoft.com/en-us/windows/win32/fileio/maximum-file-path-limitation?tabs=cmd

Here is what Microsoft says about it. Search for some solution on the Windows side, I don't there is anything we can do on the Splunk side.

If possible switch to Linux is another option.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...

Design, Compete, Win: Submit Your Best Splunk Dashboards for a .conf26 Pass

Hello Splunkers,  We’re excited to kick off a Splunk Dashboard contest! We know that dashboards are a primary ...

May 2026 Splunk Expert Sessions: Security & Observability

Level Up Your Operations: May 2026 Splunk Expert Sessions Whether you are refining your security posture or ...