I know my alerts work because I can trigger them by entering the wrong password on purpose. The problem is I am not getting an email. How do I fix that? Also I saw the option to add it to "triggered alerts." Where does that reside?
This is what I got from the _internal index.
05-20-2020 11:52:11.456 -0700 INFO SavedSplunker - savedsearch_id="nobody;search;Enclave Failed Logon AlertTEST", search_type="", user="xxxx", app="search", savedsearch_name="Enclave Failed Logon AlertTEST", priority=default, status=success, digest_mode=0, scheduled_time=1590000452, window_time=0, dispatch_time=1590000453, run_time=275.236, result_count=1, alert_actions="email", sid="rt_scheduler_xxxxsearch_RMD5300c713dc670b306_at_1590000452_240.0", suppressed=0, fired=1, skipped=0, action_time_ms=2405, thread_id="AlertNotifierWorker-0", message="", workload_pool=""
python.log:
sendemail:475 - [Errno 99] Cannot assign requested address while sending mail to: gen@generic.com
see https://answers.splunk.com/answers/173131/why-am-i-getting-splunkweb-start-error-errno-99-ca.html as looks to be the same issue.
see https://answers.splunk.com/answers/173131/why-am-i-getting-splunkweb-start-error-errno-99-ca.html as looks to be the same issue.
The issue was that in email settings we couldn't use localhost so we changed the mailserver and the from field in email settings. But this did help me because i did go and set the serverNames as well just in case.