Re: Splunk Cloud - Not receiving splunk alert emai...

jackin · ‎07-31-2022

Hi Team,

We are unable to get the alert emails even when the events matching the alert condition is present in Splunk cloud.

Please help how we can resolve this?

madhav_dholakia · ‎07-31-2022

Hi, we are also facing the same issue since this morning around 11 AM BST. No scheduled alert/report emails are not being sent. also tried the test email but it didn't work as well. thank you.

richgalloway · ‎07-31-2022

Search splunkd.log for "sendemail" to see if Splunk is reporting errors sending email. If not then your email provider may be discarding the messages as spam. Contact them.

---
If this reply helps you, Karma would be appreciated.

madhav_dholakia · ‎07-31-2022

Hi @richgalloway

tried sending an email using this search but no luck.

index=main | head 5 | sendemail to="firstname.lastname@email.address" server="localhost" subject="Test Mail" message="This is an example message" sendresults=true inline=true format=raw sendpdf=true

Also, when checking below search, it doesn't show any errors:

index="_internal" source="/opt/splunk/var/log/splunk/python.log" sendemail

INFO sendemail:184 - Sending email
INFO sendemail:1516 - Generated PDF for email

we have tried checking the emails for two different domains (where we have received emails until yesterday) and no issues with email blocking/black listing.

can you please suggest what else could be checked?

Thank you.

richgalloway · ‎07-31-2022

Something changed yesterday to prevent Splunk Cloud emails from being delivered. I suggest open a Support Request to have Splunk check things on their end and also working with your network team to verify Splunk Cloud email is allowed in.

---
If this reply helps you, Karma would be appreciated.

madhav_dholakia · ‎08-01-2022

thanks, @richgalloway - We have raised a ticket with support for this - We also checked with internal it team and no emails were blocked - also the emails were not received by other domain as well. these emails were not received for almost 4 hours and then without any actions, it started.

isoutamo · ‎08-02-2022

Hi

this sounds like there are one or more mail servers between SC and your mail servers which have some issues and cannot deliver mails online. They just queued those and send those later on when temporary resource issues have fixed. In old days that was quite common situation when servers and users has more limited quotas etc.

r. Ismo

madhav_dholakia · ‎08-02-2022

Hi @isoutamo

If it was a case of queueing, we would have received all the hourly email alerts once the temp resource issues were fixed – but it was not the case – we completely missed the emails (and not received lately).

Also, there were different email servers affected and only Splunk emails were not being received – without making any changes on these email servers, we started receiving emails at around 15:00 BST – the issue was only observed between 11:00-15:00 BST on 31st Jul.

Do you suggest if anything more specific that I should check?

Thank you.

Splunk Cloud - Why are we not receiving Splunk alert emails?

email

Welcome to the Splunk Community!

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM

Adoption of RUM and APM at Splunk