Alerting

Issue with Sending Splunk Alert Emails via Postfix SMTP Server

Maxime
Loves-to-Learn

Hello everyone,

I am encountering an issue with sending emails for the alerts I have configured on Splunk. Here are the steps I followed:

  1. SMTP Server Configuration:

    • I set up an SMTP server using Postfix on a virtual machine (VM).
    • I also configured the firewall on this VM to allow SMTP traffic.
  2. Splunk Configuration:

    • In Splunk, I configured the email server settings using my Postfix server information.
    • I verified the settings under Settings -> Server settings -> Email settings, and everything seems correct.
  3. Alert Configuration:

    • I created several alerts and configured the "Send Email" action for each alert.
    • I provided the recipients, subject, and email content.

Despite these configurations, I am not receiving any emails when the alerts are triggered.

Additional Details:

  • I tested sending emails from the command line on the VM with Postfix, and it works correctly.
  • I checked Splunk logs (splunkd.log) and did not find any obvious errors related to email sending.
  • Postfix logs show that email requests do not seem to be reaching the server.

Questions:

  1. Are there any additional steps I might have missed in the Splunk configuration for sending emails?
  2. How can I diagnose why emails are not being sent from Splunk?
  3. Are there specific logs or configurations I should check again?

Thank you in advance for your help!

0 Karma
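
One way to check from the Splunk server whether the Postfix VM accepts SMTP sessions at all and what it advertises, as an added example that is not part of the original post or Splunk's own code. The names `probe_smtp`, `diagnose` and the `helo` parameter are hypothetical; only Python's standard `smtplib` is used.

```python
import smtplib
import sys


def probe_smtp(host, port=25, timeout=5.0, helo=None):
    """Open an SMTP session to host:port and record how far it gets."""
    result = {"connected": False, "starttls": False, "auth": [], "error": None}
    try:
        # The constructor connects and waits for the server's 220 greeting.
        with smtplib.SMTP(host, port, local_hostname=helo, timeout=timeout) as smtp:
            result["connected"] = True
            smtp.ehlo()
            result["starttls"] = smtp.has_extn("starttls")
            # Mechanisms from the server's "AUTH ..." EHLO line, if it sent one.
            result["auth"] = smtp.esmtp_features.get("auth", "").split()
    except (OSError, smtplib.SMTPException) as exc:
        result["error"] = f"{type(exc).__name__}: {exc}"
    return result


def diagnose(result):
    """Turn a probe result into a next step for the person troubleshooting."""
    if not result["connected"]:
        # Nothing reached the SMTP daemon, which matches an empty Postfix log.
        return ("unreachable: check the mail host and port set in Splunk, the "
                "firewall, and the address Postfix listens on (inet_interfaces)")
    if result["error"]:
        return "greeting received but the session failed: " + result["error"]
    if result["auth"]:
        return "reachable, server offers AUTH: " + ", ".join(result["auth"])
    return "reachable, no AUTH offered: the server will not accept a login"


if __name__ == "__main__":
    # Usage on the Splunk server: python3 smtp_probe.py <mail-host> [port]
    target = sys.argv[1]
    target_port = int(sys.argv[2]) if len(sys.argv) > 2 else 25
    outcome = probe_smtp(target, target_port)
    print(outcome)
    print(diagnose(outcome))
```

A successful probe should also leave a connect/disconnect entry in the Postfix log; if it does and Splunk's alerts still leave none, the mail host configured in Splunk is the next thing to compare.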

PickleRick
SplunkTrust

It is an Outlook question if you can enable it to send email using your credentials from Splunk or any other external service. As far as I remember, you can't just use user/password to authenticate to Outlook's SMTP and Splunk doesn't support (at least not using built-in sendemail.py) alternative modes of authentication.

 

0 Karma

PickleRick
SplunkTrust

Check the _internal index for events related to sendemail.py:

index=_internal sendemail.py

 

0 Karma

Maxime
Loves-to-Learn

I am encountering an issue with sending emails from Splunk. After some investigation, I discovered that my Outlook email address is not authorized to send emails as splunk@splunkubuntu.

Details:

  • I have configured Splunk to use my Outlook email address for sending alert notifications.
  • The SMTP server settings in Splunk are correctly configured to use my Outlook credentials.
  • However, when an alert is triggered, the emails are not sent. The error message indicates that my Outlook email address is not authorized to send emails as splunk@splunkubuntu.

Steps Taken:

  1. Verified the SMTP server settings in Splunk (Settings -> Server settings -> Email settings).
  2. Tested sending emails directly from Outlook, which works fine.
  3. Checked the Splunk logs (splunkd.log) for any related errors and found the authorization issue.

Questions:

  1. How can I configure my Outlook email address to be authorized to send emails from Splunk?
  2. Are there specific settings or permissions needed within Outlook or Splunk to resolve this issue?
  3. Has anyone faced a similar issue and found a solution?

Thank you in advance for your assistance!

0 Karma