I have a problem - my Splunk server isn't sending any alert emails.
Here are some details:
I have 2 Splunk servers. Both use Splunk 6.2, and both run on Windows Server 2012.
There is no cluster between them, but both are supposed to be the same.
Now that's the fun part: one of the servers is sending mails, and the other one is not.
I have searched the python log using this search:
and I found this error message:
"Sendmail:348 - (421, '4.3.2 service not available, closing transmission channel') while sending mail to ...."
Google suggested that the SMTP server is blocking the server's request, but I can't understand why. Both servers are requesting the same SMTP server using the same default port, both are sending email to the same mail address, both servers are in the same domain.
The only thing I can think of: maybe the domain user that runs Splunk is different? Is there any way to check this?
Do you have any ideas how to solve this problem? There are some important alerts that I'm missing every day because of this.