Does Sendresults use the same username and password defined for sendemail?
I've seen a note in the Splunk docs that says "If you are sending an email notification to a server that requires SMTP authentication, you must have the admin role assigned."
Yes, sendresults uses the same SMTP configuration that the built-in email capabilities and as such has the same role requirements as the documentation outlines.
I can understand why that might be the issue if I used the sendresults command inline, but I even see this error during a scheduled report. I would have expected it to use the same logic as the base "send email action", which I can schedule.
from index=_internal sourcetype=sendresults:log
2019-08-07 12:50:21,859 ERROR invocation_id=1565182221.77:80484 invocation_type="action" msg="Could not send email" rcpt="firstname.lastname@example.org,email@example.com" error="(530, 'Authentication required', firstname.lastname@example.org')"
Yes, I've looked into it, and that's a known issue with sendresults. We are looking at doing a new release in time for .conf and will see if we can match the native Splunk functionality.