Alerting
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

After upgrade, emails are not being sent on triggered alerts.

scottrunyon
Contributor
‎02-10-2022 09:54 AM

After the upgrade of Splunk Enterprise to 8.2.4, several triggered alerts with tokens are no longer sending out emails.   

Looking at splunkd.log, there is a warning message concerning the alert

02-10-2022 10:02:28.244 -0600 WARN Pathname [15448 AlertNotifierWorker-0] - Pathname 'E:\Splunk\bin\Python3.exe E:\Splunk\etc\apps\search\bin\sendemail.py "results_link= "ssname=Password Reset Reminder" "graceful=True" "trigger_time=1644508948" results_file="E:\Splunk\var\run\splunk\dispatch\scheduler__srunyonadm__search__RMD5c5f30383081059ef_at_1644508800_24883\results.csv.gz" "is_stream_malert=False"' larger than MAX_PATH, callers: call_sites=[0xd4d290, 0xd4f001, 0x15d1632, 0x15ce217, 0x1439f53, 0x13c8176, 0x71f406, 0x71ea9e, 0x71e899, 0x6eaeeb, 0x70c3c5]

I am concerned with the "larger thanMAX_PATH" message because Splunk doc states - 

"The Windows API has a path limitation of MAX_PATH which Microsoft defines as 260 characters including the drive letter, colon, backslash, 256-characters for the path, and a null terminating character. Windows cannot address a file path that is longer than this, and if Splunk software creates a file with a path length that is longer than MAX_PATH, it cannot retrieve the file later. There is no way to change this configuration."

What can be done to get this working again?

Regards,

Scott Runyon

Labels (1)
Labels
0 Karma
Reply

nilankarunaratn
Observer
‎03-16-2024 04:39 PM

Scott,

Did you find a fix or workaround for this?  I am having the exact same issue.

0 Karma
Reply

VatsalJagani
SplunkTrust
SplunkTrust
‎03-17-2024 09:05 AM

Workaround? - Use Linux if possible.

 

0 Karma
Reply

VatsalJagani
SplunkTrust
SplunkTrust
‎02-11-2022 12:06 AM

I've heard this before and people say this is unnecessarily restricted path length on Windows.

https://docs.microsoft.com/en-us/windows/win32/fileio/maximum-file-path-limitation?tabs=cmd

Here is what Microsoft says about it. Search for some solution on the Windows side, I don't there is anything we can do on the Splunk side.

If possible switch to Linux is another option.

0 Karma
Reply
Get Updates on the Splunk Community!

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...