Does Trial Version allow alerts?

wuming79 · ‎06-19-2017

Hi,

Does trial version actually supports alert? I read from old post, it does but when i look at my license which trial is expiring in 5 days time, it shows No licensing alerts. I also trying to make alert work for past few days, the alert history is displayed on my alert search but I cant' get it to send email out.

I'm trying this out in my own home. I have also allow splunk.exe and splunkd.exe to be allowed through my windows firewall. I'm confused whether it actually works for Trial version as in my Lisensing page, it also indicated no licensing alerts.

From python.log I have the following errors:

2017-06-20 10:37:03,311 +0800
ERROR sendemail:137 - Sending email.
subject="Splunk Alert: Temperature
Threshold Exceeded!",
results_link="http://HS:8000/app/search/search?q=%7Cloadjob%20rt_scheduler__admin__search__RMD565cc5b97a7fcf839_at...",
recipients="[u'myemail@yahoo.com']",
server="localhost" 2017-06-20
10:37:03,312 +0800 ERROR sendemail:443
- [Errno 10061] No connection could be made because the target machine
actively refused it while sending mail
to:myemail@yahoo.com

niketn · ‎06-20-2017

@wuming79, have you verified that email exchange is setup/configured properly on Splunk Server and issue is not with emails not being sent out rather than license issue?

You can either try test email delivery of pdf generated from Dashboard, or use the sendemail command through Splunk search directly. http://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Sendemail

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"

wuming79 · ‎06-20-2017

Hi, I tried
temperature sourcetype=kaa | rex field=_raw "\"endpointKeyHash\":{\"string\":\"(?[^\"])\".\"Event\": (?{.*})}$"| spath input=mydata | table _time, endpoint, temperature | eval threshold = 50 | where temperature > threshold | sendemail to="abc@mail.com" sendresults=true

but python.log still show the same msg

2017-06-20 23:07:05,436 +0800
ERROR sendemail:137 - Sending email.
subject="Splunk Alert: Temperature
Threshold Exceeded!",
results_link="http://HS:8000/app/search/search?q=%7Cloadjob%20rt_scheduler__admin__search__RMD565cc5b97a7fcf839_at...",
recipients="[u'abc@mail.com']",
server="localhost" 2017-06-20
23:07:05,437 +0800 ERROR sendemail:443
- [Errno 10061] No connection could be made because the target machine
actively refused it while sending mail
to: abc@mail.com

May I know how do I verify that the email exchange is setup/configured properly on Splunk Server?

lavanyaanne · ‎06-19-2017

splunk enterprise trail has Full enterprise features. so alerts will work.

To work email alerting, you must have a mail server running on the LAN that the Splunk server can connect to. Splunk does not authenticate against the mail server so the server must be an open relay.

Also make sure that the host doesn't have any firewall that might be blocking traffic across SMTP.

wuming79 · ‎06-20-2017

May I know how do I check if my mail server is running on LAN? I'm using yahoo.com and I don't have a mail server at home.

gcusello · ‎06-19-2017

see http://docs.splunk.com/Documentation/Splunk/6.6.1/Admin/TypesofSplunklicenses

Does Trial Version allow alerts?

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

Transform your security operations with Splunk Enterprise Security

Splunk Admins and App Developers | Earn a $35 gift card!