I am not able to trigger alerts from Splunk.
Splunk Version : 6.1
Below is the error message that I can see in :
Eg email : email@example.com
[email]
mailserver = smtp.domain.net
reportServerEnabled = 0
reportServerURL =
from = Splunk

[sendemail]
filename = sendemail.py
streaming = false
run_in_preview = false
passauth = true
required_fields =
changes_colorder = false
supports_rawargs = true

2014-06-20 09:20:02,244 +0000 ERROR sendemail:348 - [Errno -2] Name or service not known while sending mail to: firstname.lastname@example.org
2014-06-20 09:20:02,243 +0000 ERROR sendemail:112 - Sending email. subject="Splunk Alert: Top five sourcetypes", results_link="htt://splunkservername:8000/app/search/@go?sid=scheduler__nobody__search__RMD5d5bc9be9473d1026_at_1403256000_14627", recipients="[email@example.com]"
Looking at the sendemail.py script, your saved search fails during the try: to send the email. Actually at the moment, when the SMTP auth user is checked.
EmailSender system logging channel
|sendemail to="firstname.lastname@example.org" smtp="smtp.domain.net" sendresults=true format=html search and run it as saved search.
I removed the smtp server name from the "Email Settings" page in Splunk Web.
(Point 3) When I save my search appended with the | sendemail command it works great.
But when I use only my search query, it doesn't send email.
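An added diagnostic, not part of the thread or of Splunk's own sendemail.py: `[Errno -2] Name or service not known` is the getaddrinfo error for a hostname that does not resolve, so this Python example reads the mailserver value from an [email] stanza and resolves it the way an SMTP client would. The helper names (mailserver_from_conf, diagnose) and the sample stanza are constructed for illustration.

```python
import configparser
import socket

# Constructed sample mirroring the [email] stanza quoted in the question.
SAMPLE_CONF = """\
[email]
mailserver = smtp.domain.net
reportServerEnabled = 0
reportServerURL =
from = Splunk
"""


def mailserver_from_conf(conf_text):
    """Return (host, port) from the [email] stanza, or (None, None) if unset.

    Assumes a host or host:port value; port 25 is used when none is given.
    """
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(conf_text)
    value = cp.get("email", "mailserver", fallback="").strip()
    if not value:
        return (None, None)
    host, _, port = value.partition(":")
    return (host, int(port) if port else 25)


def diagnose(conf_text, resolver=socket.getaddrinfo):
    """Classify the configured mailserver as unset, dns_failure or resolves.

    resolver is injectable so the check can be exercised without network access.
    """
    host, port = mailserver_from_conf(conf_text)
    if host is None:
        return ("unset", "no mailserver configured in [email]")
    try:
        infos = resolver(host, port, 0, socket.SOCK_STREAM)
    except socket.gaierror as exc:
        # Same failure class that sendemail logged as [Errno -2].
        return ("dns_failure", f"{host}: [Errno {exc.errno}] {exc.strerror}")
    addrs = sorted({info[4][0] for info in infos})
    return ("resolves", f"{host}:{port} -> {', '.join(addrs)}")


if __name__ == "__main__":
    # Run on the Splunk host, as the user Splunk runs under, so the same
    # resolver configuration (/etc/resolv.conf, /etc/hosts) is exercised.
    print(diagnose(SAMPLE_CONF))
```

A dns_failure result here means the hostname lookup fails before any SMTP conversation starts, which points at the host's resolver configuration or the mailserver value rather than at the saved search itself.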