Solved: Re: After upgrade to 7.2.6 unable to send test ema...

mchang_splunk · ‎05-09-2019

After upgrade to 7.2.6, scheduled searches and/or alerts that would send PDF via email no longer work.

Running these searches manually ad-hoc produces the correct results expected. Previewing the PDF also works correctly, showing that the PDF is generated.

Looking in python.log, warnings are shown:

2019-04-25 03:01:02,688 -0500 WARNING sendemail:1398 - search results is empty, no email will be sent
2019-04-25 03:02:02,839 -0500 WARNING sendemail:1398 - search results is empty, no email will be sent
2019-04-25 03:02:02,872 -0500 WARNING sendemail:1398 - search results is empty, no email will be sent
2019-04-25 03:02:02,904 -0500 WARNING sendemail:1398 - search results is empty, no email will be sent
2019-04-25 03:03:03,140 -0500 WARNING sendemail:1398 - search results is empty, no email will be sent
2019-04-25 03:03:03,146 -0500 WARNING sendemail:1398 - search results is empty, no email will be sent
2019-04-25 03:10:03,206 -0500 WARNING sendemail:1398 - search results is empty, no email will be sent
2019-04-25 06:00:03,332 -0500 WARNING sendemail:1398 - search results is empty, no email will be sent

We are able to reproduce this in our repro environments.

mchang_splunk · ‎05-09-2019

This is a known issue SPL-169625 which will be fixed in later version.

Current workaround is:
1. Replace 'sendemail.py' from 7.2.6 with the same file in version 7.2.5.1.
2. Edit the saved search in the "Search" field replace "| noop" with "| makeresults"

View solution in original post

solone1020 · ‎06-17-2019

Find the file C:\Program Files\Splunk\etc\apps\search\bin\sendemail.py
Edit line 1392
if results: -> if True:
Can fix the issue.

jhidalgo_splunk · ‎05-29-2019

For workaround #2 do:
Goto Settings > All configurations > click on the _ScheduledView that you just created and the search field will default to "| noop". Change the Search default to "| makeresults" for it to work for now.

gjanders · ‎05-30-2019

Are workaround's #1 and #2 two alternatives? Or do both need to be done?

Thanks

-
Alerts for Splunk Admins, Version Control for Splunk, Decrypt2 VersionControl For SplunkCloud

jhidalgo_splunk · ‎05-31-2019

They are alternatives, you do not need to do both of them.

mchang_splunk · ‎05-09-2019

This is a known issue SPL-169625 which will be fixed in later version.

Current workaround is:
1. Replace 'sendemail.py' from 7.2.6 with the same file in version 7.2.5.1.
2. Edit the saved search in the "Search" field replace "| noop" with "| makeresults"

gunzola · ‎05-23-2019

Please update https://docs.splunk.com/Documentation/Splunk/7.2.6/ReleaseNotes/Knownissues
Description of impact/defect is not clear. We have several customers relying on scheduled pdf - not working for some (upgraded installations).

iserc · ‎05-23-2019

I concur. Please update the release notes with detailed workarounds. Email reports failures from an enterprise level logging solution is not a small issue.

After upgrade to 7.2.6 unable to send test email with sendemail.py

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!

Splunk Custom Visualizations App End of Life