Are you a member of the Splunk Community?
- Find Answers
- :
- Using Splunk
- :
- Other Using Splunk
- :
- Alerting
- :
- Splunk server doesn't send emails
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
hi,
I have a problem - my splunk server isn't sending any alert emails.
Here are some details:
I have 2 splunk servers. Both use splunk 6.2, and both run on windows server 2012.
there is no cluster between them, but both are supposed the be the same.
Now that's the fun part- one the the servers is sending mails, and the other one not.
I have searched the python log using this search:
index=_internal source=*python.log*
and I found this error message:
"Sendmail:348 - (421, '4.3.2 service not available, closing transmission channel') while sending mail to ...."
Google suggested that the smtp server is blocking the server's request, but I cant understand why. Both servers are requesting the same smtp server using the same default port, both are sending email to the same mail address, both servers are in the same domain.
The only thing I can think of- maybe the domain user that run splunk is different? is there anyway to check this?
Do you have any ideas how to solve this problem? There are some importent alerts that i'm missing every day because of this.
Thanks!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Tom1187,
did you verified that:
- route between Splunk Server and email server is open on the used port (try using telnet);
- email configuration is ok [Settings -- Server Settings -- eMail Seetings]:
- mail host,
- email security
- username and password of a service user.
- eMail attachment doesn't exceed dimensions.
Bye.
Giuseppe
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I am facing the same issue. My email settings are fine. The Telnet works well. It says Mail service ready.
There are no errors on the python logs too. But, we are not receiving emails.
2018-05-09 13:16:31,005 -0000 INFO sendemail:1134 - sendemail pdfgen_available = 1
2018-05-09 13:16:31,036 -0000 INFO sendemail:1268 - sendemail:mail effectiveTime=None
2018-05-09 13:16:40,089 -0000 INFO sendemail:1288 - Generated PDF for email
2018-05-09 13:16:44,147 -0000 INFO sendemail:134 - Sending email. subject="ErrorSummary", results_link="None", recipients="[u'XXXX@accenture.com']", server="xxxxx.smtp.accenture.com:25"
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Tom1187,
did you verified that:
- route between Splunk Server and email server is open on the used port (try using telnet);
- email configuration is ok [Settings -- Server Settings -- eMail Seetings]:
- mail host,
- email security
- username and password of a service user.
- eMail attachment doesn't exceed dimensions.
Bye.
Giuseppe
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi, the email configurations was fine, but turns out the problem was with the smtp that blocked my requests.
I found that using the telnet command, as you suggested.
Thanks you!
Can’t Make It to Boston? Stream .conf25 and Learn with Haya Husain
Splunk Lantern’s Guide to The Most Popular .conf25 Sessions
Unlock What’s Next: The Splunk Cloud Platform at .conf25
