I'm trying to configure some alerts by email, but I got the following error:
Sending the test email failed: command="sendemail", (550, '5.7.1 Client does not have permissions to send as this sender') while sending mail to: myemail
The following search command works fine:
head 100 | top 2 host | sendemail to="myemail" server=myserver:25 from=emailalerts
Any suggest? Thanks
I think your mail relay is rejecting the mail becuase the "from" address you are specifying is not allowed.
If you can't make that change on the relay, then follow the instructions here: https://docs.splunk.com/Documentation/Splunk/7.2.3/Alert/Emailnotification to set the "send mail as" value to be the same as what you are running in your ad-hoc alert.
Hope this helps!