Alerting
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Need help with configuration for email alert

bella
Loves-to-Learn Lots
‎03-17-2022 11:21 PM

I need some help to check configure send email, and I still have not received the email alert in my mailbox. The alert is already triggered as I can see that in the "triggered alerts" section.
when i configure like this,and saved.

bella_0-1647584192949.png

then i open again, username,passward is gone,

bella_1-1647584273553.png

 

Labels (3)
0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎03-18-2022 01:03 AM

Hi @bella,

I suppose that you already checked that the route between your Search Head and eMail, if not, make it.

Anyway, I cannot completely understand your screenshot because I see Japanese chars, anyway, the first step is to check the eMail parameters: 

  • url,
  • port,
  • TLS,
  • user needed or not,
  • eventually user and password.

Then check if the message and the attachment is big.

At least, you can see the Splunk logs in %SPLUNK_HOME/var/log/splunk/splunkd.log or in _internal index, searching mail errors.

Ciao.

Giuseppe

0 Karma
Reply

bella
Loves-to-Learn Lots
‎03-18-2022 01:09 AM

i can see some error ,like this:

bella_0-1647590953911.png

 

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎03-18-2022 01:17 AM

Hi @bella,

the message says that there's an error in sendmail.

What about the other checks?

Ciao.

Giuseppe

0 Karma
Reply

bella
Loves-to-Learn Lots
‎03-18-2022 02:02 AM

i find the configuration,like this:

bella_0-1647594133726.png

 

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎03-18-2022 02:04 AM

Hi @bella,

did you checked these parameters are the correct ones for your eMail system?

what about routes? usually this is the first problem.

Ciao.

Giuseppe

0 Karma
Reply

bella
Loves-to-Learn Lots
‎03-18-2022 03:42 AM

Hi,

I've tested it. The SMTP account is OK. Now I'm a little confused

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎03-18-2022 04:16 AM

hi @bella,

did you tried the connection (using telnet) from the Splunk server to the eMail server on the used port?

Ciao.

Giuseppe

0 Karma
Reply

bella
Loves-to-Learn Lots
‎03-21-2022 12:00 AM

Hi,@gcusello

I changed the version of splunk from 8.0.6 to 8.2.5, before i test in  version 8.0.6,they all fail, when i test in  version 8.2.5,it is success.

thank you !

bella

Tags (1)
0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎03-21-2022 12:47 AM

Hi @bella,

good for you, please accept one answer for the other people of Community, see next time!

Ciao and happy splunking

Giuseppe

P.S.: Karma Points are appreciated 😉

0 Karma
Reply

bella
Loves-to-Learn Lots
‎03-18-2022 01:38 AM

Hi,@gcusello,
I test many times:
smtp.qiye.aliyun:25
null
username:null
password:null

OR

smtp.qiye.aliyun:465
SSL
username:xxxxx@vskysoft.com
password:xxxyyyy
password confirm:xxxyyyy

they all false.
when i configure username,password, saved. then i open again, username,password all gone.
like i first screenshot; I really don't understand why I can't save my configuration. where i can see my configuration in config?

0 Karma
Reply
Get Updates on the Splunk Community!

Fall Into Learning with New Splunk Education Courses

Every month, Splunk Education releases new courses to help you branch out, strengthen your data science roots, ...

Super Optimize your Splunk Stats Searches: Unlocking the Power of tstats, TERM, and ...

By Martin Hettervik, Senior Consultant and Team Leader at Accelerate at Iver, Splunk MVPThe stats command is ...

How Splunk Observability Cloud Prevented a Major Payment Crisis in Minutes

Your bank's payment processing system is humming along during a busy afternoon, handling millions in hourly ...