I've configured the email settings on Splunk, but emails won't send. In the logs, I'm seeing the server referenced as "localhost". I've restarted the Splunk server, but it doesn't seem to be taking effect.
Never mind, I got the scheduled alert to send and took off using SSL. It worked fine. Looks like the issue is with my command, not the settings.
You should click Accept on your own answer to close the question.
I'd also like to add I'm running this via Search. The alert ran on schedule, and it seemed to be producing different results.
index="wineventlog" EventIdentifier="4624" | sendemail to="MYEMAILADDRESS"
You need to configure the email server settings on your search head. This link shows you how to use Gmail, which should be good for testing purposes:
http://blogs.splunk.com/2014/06/27/splunk-alerts-using-gmail-twitter-phone-calls-and-much-more/