Need help with configuration for email alert

bella
Loves-to-Learn Lots

I need some help checking the send-email configuration, and I still have not received the email alert in my mailbox. The alert is already triggered, as I can see it in the "triggered alerts" section.
When I configure it like this and save:

bella_0-1647584192949.png

then I open it again, the username and password are gone.

bella_1-1647584273553.png

 

0 Karma

gcusello
SplunkTrust

Hi @bella,

I suppose that you already checked the route between your Search Head and eMail; if not, do it.

Anyway, I cannot completely understand your screenshot because I see Japanese chars. The first step is to check the eMail parameters:

  • url,
  • port,
  • TLS,
  • user needed or not,
  • eventually user and password.

Then check if the message and the attachment are big.

At least, you can see the Splunk logs in %SPLUNK_HOME/var/log/splunk/splunkd.log or in the _internal index, searching for mail errors.

Ciao.

Giuseppe

0 Karma

bella
Loves-to-Learn Lots

I can see some errors, like this:

bella_0-1647590953911.png

 

0 Karma

gcusello
SplunkTrust

Hi @bella,

The message says that there's an error in sendmail.

What about the other checks?

Ciao.

Giuseppe

0 Karma

bella
Loves-to-Learn Lots

I found the configuration, like this:

bella_0-1647594133726.png

 

0 Karma

gcusello
SplunkTrust

Hi @bella,

Did you check that these parameters are the correct ones for your eMail system?

What about routes? Usually this is the first problem.

Ciao.

Giuseppe

0 Karma

bella
Loves-to-Learn Lots

Hi,

I've tested it. The SMTP account is OK. Now I'm a little confused.

0 Karma

gcusello
SplunkTrust

Hi @bella,

Did you try the connection (using telnet) from the Splunk server to the eMail server on the used port?

Ciao.

Giuseppe

0 Karma

bella
Loves-to-Learn Lots

Hi @gcusello,

I changed the version of Splunk from 8.0.6 to 8.2.5. Before, when I tested in version 8.0.6, they all failed; when I tested in version 8.2.5, it succeeded.

Thank you!

bella

0 Karma

gcusello
SplunkTrust

Hi @bella,

Good for you! Please accept one answer for the other people of the Community. See you next time!

Ciao and happy splunking.

Giuseppe

P.S.: Karma Points are appreciated 😉

0 Karma

bella
Loves-to-Learn Lots

Hi @gcusello,
I tested many times:
smtp.qiye.aliyun:25
null
username:null
password:null

OR

smtp.qiye.aliyun:465
SSL
username:xxxxx@vskysoft.com
password:xxxyyyy
password confirm:xxxyyyy

They all failed.
When I configure the username and password and save, then open it again, the username and password are all gone,
like in my first screenshot. I really don't understand why I can't save my configuration. Where can I see my configuration in the config?

0 Karma
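
Added example, not part of any post in this thread and not Splunk's own code: a Python check of the parameters discussed above (server and port, SSL/TLS, username and password) as they appear in the `[email]` stanza of `alert_actions.conf`, where Splunk keeps the email alert settings. The stanza text, host and account are constructed placeholders, and `check_email_stanza` is a hypothetical helper name.

```python
import configparser

# Constructed sample stanza (placeholder host and account, not taken from the thread).
SAMPLE_CONF = """
[email]
mailserver = smtp.example.com:465
use_ssl = 0
use_tls = 1
auth_username = alerts@example.com
auth_password =
from = splunk@example.com
"""

def _flag(value):
    """Interpret a .conf boolean such as 1/0 or true/false."""
    return str(value).strip().lower() in ("1", "true", "yes", "on")

def check_email_stanza(conf_text):
    """Return a list of findings for the [email] stanza of an alert_actions.conf."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(conf_text)
    if not parser.has_section("email"):
        return ["no [email] stanza: nothing was saved for the mail server"]
    email = parser["email"]
    findings = []
    host, _, port_text = email.get("mailserver", "").strip().partition(":")
    port = int(port_text) if port_text.isdigit() else 25  # SMTP default port
    use_ssl = _flag(email.get("use_ssl", "0"))
    use_tls = _flag(email.get("use_tls", "0"))
    user = email.get("auth_username", "").strip()
    password = email.get("auth_password", "").strip()
    if not host:
        findings.append("mailserver is empty")
    if use_ssl and use_tls:
        findings.append("use_ssl and use_tls are both set: pick one")
    if port == 465 and not use_ssl:
        findings.append("port 465 expects implicit TLS (use_ssl = 1)")
    if port in (25, 587) and use_ssl:
        findings.append("port %d usually speaks plain SMTP or STARTTLS" % port)
    if bool(user) != bool(password):
        findings.append("auth_username and auth_password must be set together")
    if user and not (use_ssl or use_tls):
        findings.append("credentials would be sent without transport encryption")
    return findings

if __name__ == "__main__":
    for finding in check_email_stanza(SAMPLE_CONF):
        print("finding:", finding)
```

To see what Splunk actually saved, `splunk btool alert_actions list email --debug` prints the effective stanza and the file each value comes from.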