Alerting
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Unable to trigger alert from splunk - Name or service not known while sending mail

splunker12er
Motivator
‎06-20-2014 02:29 AM

I cannot able to trigger alerts from splunk.

Splunk Version : 6.1

Below is the error message that i can see in :

source="/opt/splunk/var/log/splunk/python.log"

Eg email : myemailid@domain.net

alert_actions.conf

[email]
mailserver = smtp.domain.net
reportServerEnabled = 0
reportServerURL = 
from = Splunk

commands.conf

[sendemail]
filename = sendemail.py
streaming = false
run_in_preview = false
passauth = true
required_fields = 
changes_colorder = false
supports_rawargs = true

ERROR Logs:

2014-06-20 09:20:02,244 +0000 ERROR sendemail:348 - [Errno -2] Name or service not known while sending mail to: myemailid@domain.net
2014-06-20 09:20:02,243 +0000 ERROR sendemail:112 - Sending email. subject="Splunk Alert: Top five sourcetypes", results_link="htt://splunkservername:8000/app/search/@go?sid=scheduler__nobody__search__RMD5d5bc9be9473d1026_at_1403256000_14627", recipients="[u'myemailid@domain.net]"
Tags (2)
0 Karma
Reply

evinasco
Communicator
‎01-21-2019 01:50 PM

could somebody fix this issue?

0 Karma
Reply

brod_geico
Path Finder
‎12-02-2014 12:56 PM

I have similar issues can some one tell me what was the fix for this

0 Karma
Reply

MuS
SplunkTrust
SplunkTrust
‎06-21-2014 11:31 PM

Hi splunker12er,

looking at the sendemail.py script, your saved search fails during the try: to send the email. Actually at the moment, when the smtp auth user is checked.

  • Did you double check all the settings related to sending emails?
  • Increase the EmailSender system logging channel
  • What happens if you use the working search as saved search, does this send the email? Meaning, take the |sendemail to="myemailid@domain.net" smtp="smtp.domain.net" sendresults=true format=html search and run it as saved search.

cheers, MuS

0 Karma
Reply

splunker12er
Motivator
‎06-22-2014 12:29 AM

error Log:

ERROR sendemail:348 - please run connect() first while sending mail to: myemailid@domain.net

0 Karma
Reply

splunker12er
Motivator
‎06-22-2014 12:27 AM

I removed the smtp server name from the "Email Settings" page in Splunk Web.
(Point 3) When i save my search appended with the | sendemail command it works great.

But, when i use only my search query it doesnt send email.

0 Karma
Reply

splunker12er
Motivator
‎06-20-2014 02:41 AM

When I use my query appended with ,
|sendemail to="myemailid@domain.net" smtp="smtp.domain.net" sendresults=true format=html

But why doesn't work with saved searches , i am confused

0 Karma
Reply
Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Reprocessing XML into Fixed-Length Events

This challenge was first posted on Slack #puzzles channelFor a previous puzzle, I needed a set of fixed-length ...

Data Management Digest – December 2025

Welcome to the December edition of Data Management Digest! As we continue our journey of data innovation, the ...

Index This | What is broken 80% of the time by February?

December 2025 Edition   Hayyy Splunk Education Enthusiasts and the Eternally Curious!    We’re back with this ...