Alerting

Does Trial Version allow alerts?

wuming79
Path Finder

Hi,

Does the trial version actually support alerts? I read in an old post that it does, but when I look at my license (the trial expires in 5 days' time) it shows "No licensing alerts". I have also been trying to make an alert work for the past few days; the alert history is displayed in my alert search, but I can't get it to send an email out.

I'm trying this out in my own home. I have also allowed splunk.exe and splunkd.exe through my Windows firewall. I'm confused whether it actually works for the Trial version, as my Licensing page also indicates no licensing alerts.

From python.log I have the following errors:

2017-06-20 10:37:03,311 +0800 ERROR sendemail:137 - Sending email. subject="Splunk Alert: Temperature Threshold Exceeded!", results_link="http://HS:8000/app/search/search?q=%7Cloadjob%20rt_scheduler__admin__search__RMD565cc5b97a7fcf839_at...", recipients="[u'myemail@yahoo.com']", server="localhost"
2017-06-20 10:37:03,312 +0800 ERROR sendemail:443 - [Errno 10061] No connection could be made because the target machine actively refused it while sending mail to:myemail@yahoo.com


0 Karma

niketn
Legend

@wuming79, have you verified that email exchange is set up/configured properly on the Splunk server, and that the issue is with emails not being sent out rather than with the license?

You can either try a test email delivery of a PDF generated from a dashboard, or use the sendemail command directly from a Splunk search. http://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Sendemail

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma

wuming79
Path Finder

Hi, I tried
temperature sourcetype=kaa
| rex field=_raw "\"endpointKeyHash\":{\"string\":\"(?<endpoint>[^\"]*)\".*\"Event\": (?<mydata>{.*})}$"
| spath input=mydata
| table _time, endpoint, temperature
| eval threshold = 50
| where temperature > threshold
| sendemail to="abc@mail.com" sendresults=true

but python.log still shows the same message:

2017-06-20 23:07:05,436 +0800 ERROR sendemail:137 - Sending email. subject="Splunk Alert: Temperature Threshold Exceeded!", results_link="http://HS:8000/app/search/search?q=%7Cloadjob%20rt_scheduler__admin__search__RMD565cc5b97a7fcf839_at...", recipients="[u'abc@mail.com']", server="localhost"
2017-06-20 23:07:05,437 +0800 ERROR sendemail:443 - [Errno 10061] No connection could be made because the target machine actively refused it while sending mail to: abc@mail.com

May I know how I can verify that the email exchange is set up/configured properly on the Splunk server?

0 Karma

lavanyaanne
Path Finder

The Splunk Enterprise trial has full Enterprise features, so alerts will work.

For email alerting to work, you must have a mail server running on the LAN that the Splunk server can connect to. Splunk does not authenticate against the mail server, so the server must be an open relay.

Also make sure that the host doesn't have a firewall that might be blocking SMTP traffic.

0 Karma
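The check the thread keeps coming back to, as an added example that is not part of any post above and not Splunk's own code: probe the SMTP endpoint that Splunk's sendemail action will connect to, and classify what comes back. It assumes the target is whatever host/port Splunk is configured to send through; the python.log excerpts report server="localhost", which means port 25 on the Splunk host itself. The "mx.example.test" banner, the in-process responder and the closed-port helper are constructed fixtures so the script can be exercised offline; on the real host you would point it at the configured mail server instead. Python is used because sendemail is itself a Python script and python.log is where it reports.

```python
"""smtp_probe.py: check the SMTP endpoint Splunk's sendemail action would use.

Added example; not code from the thread above and not Splunk's own code.
Assumptions: the target host/port is whatever Splunk is configured to send
through (the python.log excerpts report server="localhost", i.e. port 25 on
the Splunk host). "mx.example.test" and the in-process responder are
constructed fixtures so the script can run offline.
"""
import smtplib
import socket
import sys
import threading


def smtp_probe(host, port=25, timeout=5.0):
    """Connect, read the banner, send EHLO, QUIT, and classify the outcome.

    status values:
      "refused"  nothing is listening at host:port (ECONNREFUSED; on Windows
                 this is WinSock error 10061, the message seen in python.log)
      "timeout"  connect or reply timed out (typical of a firewall that drops)
      "error"    any other socket or SMTP protocol failure (see "detail")
      "ok"       banner received; "starttls"/"auth" say what EHLO advertised
    """
    result = {"host": host, "port": port, "status": "error", "detail": "",
              "banner": "", "starttls": False, "auth": False}
    # No host in the constructor: connect() is called explicitly below so the
    # banner is captured. local_hostname avoids a DNS lookup of our own name.
    smtp = smtplib.SMTP(timeout=timeout, local_hostname="probe")
    try:
        code, banner = smtp.connect(host, port)
        result["banner"] = f"{code} {banner.decode('ascii', 'replace')}"
        if code != 220:
            raise smtplib.SMTPConnectError(code, banner)
        code, msg = smtp.ehlo("probe")
        if code != 250:
            raise smtplib.SMTPHeloError(code, msg)
        result["starttls"] = smtp.has_extn("starttls")
        result["auth"] = smtp.has_extn("auth")
        result["status"] = "ok"
        smtp.quit()
    except ConnectionRefusedError as exc:
        result["status"], result["detail"] = "refused", str(exc)
    except (socket.timeout, TimeoutError) as exc:
        result["status"], result["detail"] = "timeout", str(exc) or "timed out"
    except (smtplib.SMTPException, OSError) as exc:
        result["detail"] = str(exc)
    finally:
        smtp.close()  # safe even when no connection was established
    return result


def _constructed_responder(listener):
    """Minimal ESMTP responder (constructed fixture) so the probe runs offline."""
    conn, _ = listener.accept()
    with conn, conn.makefile("rb") as lines:
        conn.sendall(b"220 mx.example.test ESMTP constructed fixture\r\n")
        for line in lines:
            verb = line.split(None, 1)[0].upper() if line.strip() else b""
            if verb == b"EHLO":
                conn.sendall(b"250-mx.example.test\r\n250-STARTTLS\r\n250 AUTH PLAIN LOGIN\r\n")
            elif verb == b"QUIT":
                conn.sendall(b"221 bye\r\n")
                break
            else:
                conn.sendall(b"502 command not implemented\r\n")


def probe_constructed_server():
    """Run smtp_probe() against the in-process fixture; returns the result dict."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    worker = threading.Thread(target=_constructed_responder, args=(listener,), daemon=True)
    worker.start()
    try:
        return smtp_probe("127.0.0.1", listener.getsockname()[1])
    finally:
        worker.join(timeout=5)
        listener.close()


def closed_local_port():
    """Bind and release an ephemeral port so that a connect to it is refused."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        sock.bind(("127.0.0.1", 0))
        return sock.getsockname()[1]


if __name__ == "__main__":
    if len(sys.argv) > 1:  # on the Splunk host: python smtp_probe.py localhost 25
        print(smtp_probe(sys.argv[1], int(sys.argv[2]) if len(sys.argv) > 2 else 25))
    else:                  # offline demonstration against the constructed fixtures
        print(probe_constructed_server())
        print(smtp_probe("127.0.0.1", closed_local_port()))
```

Run it on the Splunk host against the host and port Splunk is configured with. A "refused" result is exactly the [Errno 10061] case in the log: no process is accepting connections at that address, so no firewall rule for splunkd.exe will change it. A "timeout" points at something dropping the traffic on the way, and an "ok" result with the advertised extensions tells you what the server expects before it will relay.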

wuming79
Path Finder

May I know how I can check if my mail server is running on the LAN? I'm using yahoo.com and I don't have a mail server at home.

0 Karma

gcusello
SplunkTrust
SplunkTrust
0 Karma