Solved: Re: Why is an email not being sent when my alert i...

nitesh218 · ‎04-13-2015

Hi

I created an alert that is triggered correctly, but the email is not sent by Splunk log i got error

[Errno 10060] A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond while sending mail to: user2@gmail.com

or sometimes

 [Errno 11004] getaddrinfo failed while sending mail to:user2@gmail.com

My email settings in Server settings » Email settings

alert_action.conf

[email]
auth_password = password*****i
auth_username = user@gmail.com
mailserver = smtp.gmail.com:587
format = html
use_tls = 0      I changed this to 1 also, but email still wasn't sent
use_ssl = 0

My alert configuration is:
savedsearches.conf file

[request]
action.email = 1
action.email.priority = 2
action.email.reportServerEnabled = 0
action.email.to = user2@gmail.com
action.email.useNSSubject = 1
alert.severity = 4
alert.suppress = 1
alert.suppress.period = 30s
alert.track = 1
counttype = number of events
cron_schedule = */2 * * * *
description = resuest resive
dispatch.latest_time = now
display.events.fields = ["host","source","sourcetype","Msg"]
display.general.type = statistics
display.page.search.mode = verbose
display.page.search.tab = statistics
enableSched = 1
quantity = 1
relation = greater than
request.ui_dispatch_app = search
request.ui_dispatch_view = search
search = index="newpwm" source="SOCK_20150327_192217.log" Msg=Q*| eval vv=substr(Msg, 7,8) | Table _time Msg vv

Please help me. For 1 day I've tried many times to use my company domain and port, but it's not working. I want an email sent only when the alert is triggered.

NOUMSSI · ‎04-14-2015

Hi,
if your splunk instance is installed locally, it can't send emails because emails are going from one server to anothers.
In spite you are connected to internet when you work on your local splunk instance, you are not on a server. So your splunk instance couldn't send email.
But if your splunk instance is on the cloud, it'll send emails correctly.

View solution in original post

NOUMSSI · ‎04-14-2015

Hi,
if your splunk instance is installed locally, it can't send emails because emails are going from one server to anothers.
In spite you are connected to internet when you work on your local splunk instance, you are not on a server. So your splunk instance couldn't send email.
But if your splunk instance is on the cloud, it'll send emails correctly.

nitesh218ss · ‎04-14-2015

thanks for reply sir

nitesh218ss · ‎04-14-2015

my company give new mailid is which authorize for sending mail so i use this they sent mail now

ppablo · ‎04-14-2015

Hi @nitesh218ss

If your problem is solved, don't forget to accept @NOUMSSI's answer by clicking on "Accept" below their answer.

stephanefotso · ‎04-13-2015

Is your splunk instance is installed in the cloud? or locally?
If locally, check the external exchange server that you use to send emails.

SGF

nitesh218 · ‎04-14-2015

where i get this external exchange server sir and how i change this
please help me

stephanefotso · ‎04-14-2015

No, just to say you need to host your splunk instance before, Since you must be in the cloud to access to mail servers, which allow the email sending.

SGF

nitesh218 · ‎04-14-2015

localhost:8000

Why is an email not being sent when my alert is triggered?

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?