Alert email error -- what is the message size limi...

sbbadri · ‎09-25-2017

I got below error message while sending alert as a email only to a particular saved search.

09-25-2017 06:00:45.331 -0400 ERROR ScriptRunner - stderr from '/opt/splunk/server/bin/python /opt/splunk/server/etc/apps/search/bin/sendemail.py "results_link=https://XXXXXXXXXXXXXX:8000/app/search/@go?sid=xxxxxxxxxxxx" "graceful=True" "trigger_time=1506333632" results_file="/opt/splunk/server/var/run/splunk/dispatch/sxxxxxx/results.csv.gz"': ERROR:root:(552, '5.3.4 Message size exceeds fixed limit', u'no-reply@xxxxxxx') while sending mail to: xxxxx.com;xxxxx.com;xxxxx.com; xxxx.com;xxxx.com

what is the message size limit and where to change the limit.

lfedak_splunk · ‎09-26-2017

Hey @sbbadri, If @DalJeanis solved your problem, please don't forget to accept an answer! You can upvote posts as well. (Karma points will be awarded for either action.) Happy Splunking!

DalJeanis · ‎09-25-2017

https://answers.splunk.com/answers/13128/is-there-a-way-to-email-more-than-10k-results.html

http://docs.splunk.com/Documentation/Splunk/latest/Admin/Savedsearchesconf?utm_source=answers&utm_me...

[savedsearches.conf]

action.email.maxresults =

These ones give a few more settings that may need to be updated...

https://answers.splunk.com/answers/291115/how-to-send-alert-search-results-as-an-email-csv-a.html
https://answers.splunk.com/answers/542862/how-to-overcome-csv-max-results-to-email.html

sbbadri · ‎09-27-2017

Hi DalJeanis,

i found the issue, splunk is triggering the alert properly. It got stuck in email gateway where size defined is 20MB. Attachment is exceeds over 20MB, so that alert triggered from splunk is getting blocked.

Alert email error -- what is the message size limit and where to change the limit?

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms