SENS STG Splunk new alerts unable to send emails

anil1432 · ‎08-05-2021

We created new STG Splunk Alerts and enabled them starting July 27. The strange thing is that they cannot send emails to prj-sens-test@mail.rakuten.com and MS teams email 581e7bfc.OFFICERAKUTEN.onmicrosoft.com@apac.teams.ms for any new alert that happens.

Since we migrated to a new system, we cloned our old STG Splunk Alerts and then updated the name and also the sourcetypes for the new STG Splunk Alerts. Everything else, schedule, email recipient, subject and email message are the same. We have deleted the old STG Splunk Alerts. Our last email from STG Splunk Alert was on July 28, which was from the old Splunk Alert.

We are wondering why it suddenly stopped sending emails. May I ask if you have any ideas?

This is only an issue in STG Splunk. New alerts in PRD Splunk are not working properly.

Our new alerts are here https://stg-asplunksrch101z.stg.jp.local/en-US/app/sens/alerts

This is for STG splunk with the following details:

User name: user_sens

Splunk host: https://stg-asplunksrch101z.stg.jp.local/

Group name: Ichiba Business Expansion Group

App team name: ibe

Service ID: 1013

SENS STG Splunk new alerts unable to send emails

alert action

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?