Alerting
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to troubleshoot why one of our users is not receiving email alerts from Splunk?

Kaushikkatta03
Explorer
‎05-13-2016 07:36 AM

This is one of the example email alerts:

Saved search results. 

Name: 'Cisco - Level 3 Internet BGP Drops (dcinternet02r)' 
Query Terms: 'source=\"/var/log/syslog_info\" _raw=*\"%BGP-5-ADJCHANGE: neighbor 4.15.168.57\"* earliest=-36hr@h | table _time, _raw | sort -_time' 
Link to results: https://splunk.********.com/
sid=scheduler__hfmra200__search__RMD5ce14eefd70aff3f9_at_1459853760_15001 
Alert was triggered because of: 'Saved Search [Cisco - Level 3 Internet BGP Drops (dcinternet02r)]: always(0)'
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎05-13-2016 08:16 AM

Verify the user's email address is correct in the alert.
Ask the user to check his spam folder and mail filters.

---
If this reply helps you, Karma would be appreciated.
Reply

Kaushikkatta03
Explorer
‎05-13-2016 09:29 AM

Everything are good , from there side email address and he check in spam fold. He haven't received any mails.

And if i try to run commands under the applications which are in saved search, like:

source=\"/var/log/syslog_info\" _raw=\"%BGP-5-ADJCHANGE: neighbor 4.15.168.57\" earliest=-36hr@h | table _time, _raw | sort -time

I cant see any data . "No data found "

0 Karma
Reply

pradeepkumarg
Influencer
‎05-13-2016 10:24 AM

Is he the only recipient for the alert? If so, check sourcetype = python_log logs for any errors in sending email. If there are other recipients for the alert check with them to see if they got the email and you can validate the to distribution list from that email

0 Karma
Reply

pradeepkumarg
Influencer
‎05-13-2016 12:50 PM

Sorry, I didn't realize python logs are not indexed by default and you have to specifically index them. But you can find them here $SPLUNK_HOME/var/log/splunk/python.log

0 Karma
Reply
Get Updates on the Splunk Community!

New Case Study Shows the Value of Partnering with Splunk Academic Alliance

The University of Nevada, Las Vegas (UNLV) is another premier research institution helping to shape the next ...

How to Monitor Google Kubernetes Engine (GKE)

We’ve looked at how to integrate Kubernetes environments with Splunk Observability Cloud, but what about ...

Index This | How can you make 45 using only 4?

October 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...