I cannot able to trigger alerts from splunk.
Splunk Version : 6.1
Below is the error message that i can see in :
source="/opt/splunk/var/log/splunk/python.log"
Eg email : myemailid@domain.net
alert_actions.conf
[email]
mailserver = smtp.domain.net
reportServerEnabled = 0
reportServerURL =
from = Splunk
commands.conf
[sendemail]
filename = sendemail.py
streaming = false
run_in_preview = false
passauth = true
required_fields =
changes_colorder = false
supports_rawargs = true
ERROR Logs:
2014-06-20 09:20:02,244 +0000 ERROR sendemail:348 - [Errno -2] Name or service not known while sending mail to: myemailid@domain.net
2014-06-20 09:20:02,243 +0000 ERROR sendemail:112 - Sending email. subject="Splunk Alert: Top five sourcetypes", results_link="htt://splunkservername:8000/app/search/@go?sid=scheduler__nobody__search__RMD5d5bc9be9473d1026_at_1403256000_14627", recipients="[u'myemailid@domain.net]"
could somebody fix this issue?
I have similar issues can some one tell me what was the fix for this
Hi splunker12er,
looking at the sendemail.py
script, your saved search fails during the try:
to send the email. Actually at the moment, when the smtp auth user is checked.
EmailSender
system logging channel|sendemail to="myemailid@domain.net" smtp="smtp.domain.net" sendresults=true format=html
search and run it as saved search.cheers, MuS
error Log:
ERROR sendemail:348 - please run connect() first while sending mail to: myemailid@domain.net
I removed the smtp server name from the "Email Settings" page in Splunk Web.
(Point 3) When i save my search appended with the | sendemail command it works great.
But, when i use only my search query it doesnt send email.
When I use my query appended with ,
|sendemail to="myemailid@domain.net" smtp="smtp.domain.net" sendresults=true format=html
But why doesn't work with saved searches , i am confused