Alerting
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Message Size Exceeds error while sending email

bsantosh
New Member
‎07-09-2018 03:58 AM

Hi, some of the alerts are getting this "ERROR:root:(552, '5.3.4 Message size exceeds fixed maximum message size'"
and unable to sent out email.

How to solve this issue as I am unable to receive few of the alerts.

thanks,
Santosh

Tags (1)
0 Karma
Reply

mlevsh
Builder
‎10-16-2018 09:13 AM

@bsantosh
Were you able to find out the cause of the issue?

0 Karma
Reply

bsantosh
New Member
‎07-10-2018 11:57 PM

I tried sending a test email from Splunk server to test email address that had issue and it is being sent properly. I will check with the email team.,Thanks. I sent a test email to the test email address and is being sent properly without any error.

0 Karma
Reply

bsantosh
New Member
‎07-09-2018 11:41 PM

Thanks for the reply. I have unchecked all the checkboxes from the Include field under the Send email option of the alert.
Unchecked "Link to Alert", "Link to Results", "Search String", "Inline","Trigger Condition","Attach CSV","Trigger Time","Attach PDF". But, still the email is not being received by a certain email alias group.
For testing purpose, I sent to a different email alias group and the mail is receiving. So, I am a little bit confused on whether the issue is in Splunk side or on email side.

0 Karma
Reply

bsantosh
New Member
‎07-10-2018 04:05 AM

Adding to that, even the email results are very less. Around 10-15 results for each alert email.

0 Karma
Reply

cpetterborg
SplunkTrust
SplunkTrust
‎07-10-2018 04:49 AM

It sounds like an email system problem. Have you tried simply emailing from that Splunk server to see if the email goes properly to the test email address that is having the problem?

0 Karma
Reply

cpetterborg
SplunkTrust
SplunkTrust
‎07-09-2018 11:52 AM

If you are sending the search results in the alert, then it is probably that the results are too big. Either don't send the results, or don't send all the results (you can do that using head or tail usually).

If that is not the case, then look to see what other attachments you are sending in the email.

0 Karma
Reply
Get Updates on the Splunk Community!

Learn Splunk Insider Insights, Do More With Gen AI, & Find 20+ New Use Cases You Can ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Buttercup Games: Further Dashboarding Techniques (Part 7)

This series of blogs assumes you have already completed the Splunk Enterprise Search Tutorial as it uses the ...

Stay Connected: Your Guide to April Tech Talks, Office Hours, and Webinars!

What are Community Office Hours? Community Office Hours is an interactive 60-minute Zoom series where ...
Top