Following is my content of "alert_actions.conf"
[email]
format = plain
from = Abhay the SPLUNKER
reportPaperSize = a4
reportServerURL =
subject = Splunk Alert: Test Mail From SPLUNK
But Still I am not able to send a mail ( Mail is not going ) Kindly help me out with this
Your "alert_actions.conf" must list a email server. Here is my example configuration. I simply route email through the host, because I know that the host is already configured to set up email:
[email]
...
# SMTP server sending out all alert emails
#
mailserver = localhost
Email alerting will not work if the email alert settings in Manager are not configured, or are configured incorrectly. You can define these settings at Manager > System settings > Email alert settings.
On the Email alert settings Manager page, you can define the Mail server settings (the mail host, security type, username, password, and so on) and the Email format (link hostname, email sender name, email subject header, and inline results format).
Hi,,
I did the following but I still can't receive email. Still getting "[Errno 10061] No connection could be made because the target machine actively refused it while sending mail to: abc@gmail.com". What else should I do to make it work?
[email]
from = Splunk Control
pdf.header_left = none
pdf.header_right = none
# SMTP server sending out all alert emails
#
mailserver = localhost
check the splunk logs for errors :
the scheduler log to see if a alert is triggered:
index=_internal source=*scheduler.log* "name of your search"
the python log when the email script report the errors
index=_internal source=*python.log* email
and what about the pyton.log around the same time ?
12-14-2012 18:45:00 to 18:46:00
this is my scheduler.log data :
12-14-2012 18:45:04.726 +0530 INFO SavedSplunker - savedsearch_id="admin;search;greater than 200 results", user="admin", app="search", savedsearch_name="greater than 200 results", status=success, digest_mode=1, scheduled_time=1355490900, dispatch_time=1355490901, run_time=0.500, result_count=275, alert_actions="email", sid="scheduler_adminsearch_RMD5b380e21c61118824_at_1355490900_166", suppressed=0, thread_id="AlertNotifierWorker-0"
still , my mail is not going
I think the from field cannot contain spaces, its meant to be an email address. Have you looked in splunkd.log for any errors?
Also you will need to restart for this conf to take effect
I was talking about the actual value, including spaces in and around the equals is fine. This was actually a network issue in the end.
Spaces in the from =
field work for me. I use something like COMPANY Splunk <noreply@splunk.example.org>
and it works fine.
Errno 10061 is a python socket error. It means the SMTP server received the IP packet, but the TCP stack refused it, and closed the connection.
In other words, you're smtp server isn't running, or its running on a non-standard port, or iptables is set to block the traffic, or maybe you haven't installed/configured an SMTP server/relay on your splunk box ?
Well you still have spaces in the from field and I don't know if your email server is on the localhost or not, I also don't know what authentication it requires or the connectivity it has. The error you've pasted is related to the connectivity of the server, not Splunks side.
is this configuration ok ?
[email]
format = plain
from = Abhay the SPLUNKER
reportPaperSize = a4
reportServerURL =
subject = Splunk Alert: Test Mail From SPLUNK
I have given host = localhost also
Thats a network issue and not a Splunk issue, no connection could be made suggests a firewall, URL issue. Double check you've provided the correct settings for your email server
This error is giving when I am trying to give this manually :
command="sendemail", [Errno 10061] No connection could be made because the target machine actively refused it while sending mail to: abhay.singh@xxx.com