hi folks

using splunk 7.1.1 and we're having issues sending email alerts to AWS SES - when we send via a search string the mail works just fine. I've also modified the sendemail.py file to enable TLS. Has anyone successfully managed to get this working as I have not seen any splunk answers which has solved the automatic alert issue, only when sending via a search

Blockquote

==> var/log/splunk/python.log <==
2019-08-15 15:13:02,306 +0000 ERROR sendemail:140 - Sending email. subject="Splunk Alert: Amazon Client Exception", results_link="http://aws-domain:8000/app/search/@go?sid=scheduler__gearoidr__search__RMD56da3f171ecf1725d_at_15658...", recipients="[u'verifiied.user@blah.com']", server="email-smtp.us-east-1.amazonaws.com:587"
2019-08-15 15:13:02,306 +0000 ERROR sendemail:463 - (554, "Transaction failed: User name is missing: 'splunk'.") while sending mail to: verifiied.user@blah.com

==> var/log/splunk/splunkd.log <==
08-15-2019 15:13:02.306 +0000 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/etc/apps/search/bin/sendemail.py "results_link=http://aws-domain:8000/app/search/@go?sid=scheduler__gearoidr__search__RMD56da3f171ecf1725d_at_15658..." "ssname=Amazon Client Exception" "graceful=True" "trigger_time=1565881981" results_file="/opt/splunk/var/run/splunk/dispatch/scheduler_gearoidrsearch_RMD56da3f171ecf1725d_at_1565881980_2/results.csv.gz"': ERROR:root:(554, "Transaction failed: User name is missing: 'splunk'.") while sending mail to: verifiied.user@blah.com
08-15-2019 15:13:13.160 +0000 INFO TcpOutputProc - Connected to idx=10.0.26.132:9997, pset=0, reuse=0.

Blockquote

Blockquote

The logs from a successful search email event
==> var/log/splunk/python.log <==
2019-08-15 15:28:55,535 +0000 INFO sendemail:1299 - Generated PDF for email
2019-08-15 15:28:55,880 +0000 INFO sendemail:137 - Sending email. subject="Here is an email notification", results_link="None", recipients="[u'verifiied.user@blah.com']", server="email-smtp.us-east-1.amazonaws.com:587"

Blockquote