Alerting

Does Trial Version allow alerts?

wuming79
Path Finder

Hi,

Does the trial version actually support alerts? I read in an old post that it does, but when I look at my license, which is a trial expiring in 5 days' time, it shows No licensing alerts. I have also been trying to make alerts work for the past few days; the alert history is displayed on my alert search but I can't get it to send email out.

I'm trying this out in my own home. I have also allowed splunk.exe and splunkd.exe through my Windows firewall. I'm confused whether it actually works for the Trial version, as my Licensing page also indicated no licensing alerts.

From python.log I have the following errors:

2017-06-20 10:37:03,311 +0800 ERROR sendemail:137 - Sending email. subject="Splunk Alert: Temperature Threshold Exceeded!", results_link="http://HS:8000/app/search/search?q=%7Cloadjob%20rt_scheduler__admin__search__RMD565cc5b97a7fcf839_at...", recipients="[u'[email protected]']", server="localhost"
2017-06-20 10:37:03,312 +0800 ERROR sendemail:443 - [Errno 10061] No connection could be made because the target machine actively refused it while sending mail to:[email protected]


0 Karma

niketn
Legend

@wuming79, have you verified that email exchange is setup/configured properly on Splunk Server and issue is not with emails not being sent out rather than license issue?

You can either try test email delivery of pdf generated from Dashboard, or use the sendemail command through Splunk search directly. http://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Sendemail

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma

wuming79
Path Finder

Hi, I tried
temperature sourcetype=kaa | rex field=_raw "\"endpointKeyHash\":{\"string\":\"(?<endpoint>[^\"])\".\"Event\": (?<mydata>{.*})}$" | spath input=mydata | table _time, endpoint, temperature | eval threshold = 50 | where temperature > threshold | sendemail to="[email protected]" sendresults=true

but python.log still shows the same message

2017-06-20 23:07:05,436 +0800 ERROR sendemail:137 - Sending email. subject="Splunk Alert: Temperature Threshold Exceeded!", results_link="http://HS:8000/app/search/search?q=%7Cloadjob%20rt_scheduler__admin__search__RMD565cc5b97a7fcf839_at...", recipients="[u'[email protected]']", server="localhost"
2017-06-20 23:07:05,437 +0800 ERROR sendemail:443 - [Errno 10061] No connection could be made because the target machine actively refused it while sending mail to: [email protected]

May I know how do I verify that the email exchange is setup/configured properly on Splunk Server?

0 Karma

lavanyaanne
Path Finder

The Splunk Enterprise trial has full Enterprise features, so alerts will work.

For email alerting to work, you must have a mail server running on the LAN that the Splunk server can connect to. Splunk does not authenticate against the mail server, so the server must be an open relay.

Also make sure that the host doesn't have any firewall that might be blocking traffic across SMTP.

0 Karma
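
An added example, not part of any post in this thread and not Splunk's own code: a Python 3 probe for the reachability check described above, run from the Splunk host. The name `probe_smtp`, the status labels and the default port 25 (the standard SMTP port) are assumptions of this sketch; it separates a refused connection (the `[Errno 10061]` case in python.log) from a timeout, and reports whether the server advertises STARTTLS and AUTH.

```python
import smtplib
import socket
import sys


def probe_smtp(host, port=25, timeout=5.0):
    """Connect to host:port as an SMTP client and classify the outcome."""
    result = {"status": "ok", "starttls": False, "auth": False, "detail": ""}
    client = smtplib.SMTP(timeout=timeout)   # no host given: nothing is sent yet
    try:
        code, banner = client.connect(host, port)
        result["detail"] = banner.decode("ascii", "replace")
        if code != 220:
            result["status"] = "not_smtp"    # something answered, but not a mail server
            return result
        client.ehlo()
        # Extensions the server advertised in its EHLO reply
        result["starttls"] = client.has_extn("starttls")
        result["auth"] = client.has_extn("auth")
    except socket.timeout:
        result["status"] = "timeout"         # packets dropped, e.g. by a firewall
    except socket.gaierror as exc:
        result.update(status="dns_failure", detail=str(exc))
    except smtplib.SMTPException as exc:
        result.update(status="not_smtp", detail=str(exc))
    except ConnectionRefusedError as exc:
        # Nothing is listening on that port. Windows reports this as error
        # 10061, the "[Errno 10061]" line in python.log.
        result.update(status="refused", detail=str(exc))
    except OSError as exc:
        result.update(status="unreachable", detail=str(exc))
    finally:
        client.close()
    return result


if __name__ == "__main__":
    # Defaults mirror the log above: server="localhost"; port 25 is assumed.
    target = sys.argv[1] if len(sys.argv) > 1 else "localhost"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 25
    print(target, port, probe_smtp(target, port))
```

A `refused` result for `localhost` means no mail server is listening on the Splunk host itself, so the alert action has nothing to hand the message to.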

wuming79
Path Finder

May I know how do I check if my mail server is running on LAN? I'm using yahoo.com and I don't have a mail server at home.

0 Karma

gcusello
SplunkTrust
0 Karma