Alerting
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Message Size Exceeds error while sending email

bsantosh
New Member
‎07-09-2018 03:58 AM

Hi, some of the alerts are getting this "ERROR:root:(552, '5.3.4 Message size exceeds fixed maximum message size'"
and unable to sent out email.

How to solve this issue as I am unable to receive few of the alerts.

thanks,
Santosh

Tags (1)
0 Karma
Reply

mlevsh
Builder
‎10-16-2018 09:13 AM

@bsantosh
Were you able to find out the cause of the issue?

0 Karma
Reply

bsantosh
New Member
‎07-10-2018 11:57 PM

I tried sending a test email from Splunk server to test email address that had issue and it is being sent properly. I will check with the email team.,Thanks. I sent a test email to the test email address and is being sent properly without any error.

0 Karma
Reply

bsantosh
New Member
‎07-09-2018 11:41 PM

Thanks for the reply. I have unchecked all the checkboxes from the Include field under the Send email option of the alert.
Unchecked "Link to Alert", "Link to Results", "Search String", "Inline","Trigger Condition","Attach CSV","Trigger Time","Attach PDF". But, still the email is not being received by a certain email alias group.
For testing purpose, I sent to a different email alias group and the mail is receiving. So, I am a little bit confused on whether the issue is in Splunk side or on email side.

0 Karma
Reply

bsantosh
New Member
‎07-10-2018 04:05 AM

Adding to that, even the email results are very less. Around 10-15 results for each alert email.

0 Karma
Reply

cpetterborg
SplunkTrust
SplunkTrust
‎07-10-2018 04:49 AM

It sounds like an email system problem. Have you tried simply emailing from that Splunk server to see if the email goes properly to the test email address that is having the problem?

0 Karma
Reply

cpetterborg
SplunkTrust
SplunkTrust
‎07-09-2018 11:52 AM

If you are sending the search results in the alert, then it is probably that the results are too big. Either don't send the results, or don't send all the results (you can do that using head or tail usually).

If that is not the case, then look to see what other attachments you are sending in the email.

0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...