- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi All,
I have configured real time in my trial Splunk environment & the rule got fired in the triggered results.
But the problem is that I have configured the alert to my mail ID, but I m not getting any emails regarding the alerts.
Please, can anyone let me know what may be the issue?
Thanks,
Ramu.R
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Probably you have not configured your mail server settings correctly on the Search Head (found in Settings -> Server settings -> Email settings). If you have, test them manually with a command like this:
index=_* | head 1 | sendemail to="elvis@splunk.com" subject="test"
If that works, so should your alert. If not, start debugging.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Probably you have not configured your mail server settings correctly on the Search Head (found in Settings -> Server settings -> Email settings). If you have, test them manually with a command like this:
index=_* | head 1 | sendemail to="elvis@splunk.com" subject="test"
If that works, so should your alert. If not, start debugging.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I m getting the below error while executing the above command :
'command="sendemail", [Errno 11001] getaddrinfo failed while sending mail to: elvis@splunk.com
Can anyone please let me know what exactly need to configure under mail settings in step by step procedure.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Do not useelvis@splunk.com; use your own email address that you know is valid. Then see if you get the email.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Tried even my e-mail ID, getting the same error ..!!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Have you already configured your mail settings in Splunk? If not, this guide will help you do that:
http://docs.splunk.com/Documentation/Splunk/7.0.3/Alert/Emailnotification
Have you been able to receive emails already from this Splunk instance - for other alerts, maybe? If this is the first time, I'd recommend taking a close look at those mail settings. You can also look at your internal logs for records of Splunk attempting to send emails:
index=_internal sendemail
