Hi All,
Need your help to resolve below issue.
Using below query, adding a button to Dashboard.
By clicking that button, sending the information of line to user.
Instead of using personal mail id, i will use official mail id is one of the change in below mentioned query.
Getting Following Error:
command="sendemail", 'rootCAPath' while sending mail to: shankarananth@gmail.com
index=_internal sendemail to="shankarananth@gmail.com" format=raw subject=myresults server=mail.splunk.com sendresults=true
Thanks in advance ..
Update:
"sendemail" does not work for default users with default user-role capability.
The issue was reported back to me to be solved in 8.1.3, unfortunately it is not.
Are you saying that with some other email address it works, but with this email, it does not? In other words, does sendemail
ever work for you? If not, check the error logs with this search:
index=_* sendemail AND (fail* OR err* OR timeout OR cannot OR incomplete OR invalid OR unknown OR reject* OR deni* OR deny)
Hi,
You need to send result from index=_internal
to sendmail command and for that you need to use pipe |
, additionally please use correct mail server, in your query you have given mail.splunk.com
but do you have access to send email usingmail.splunk.com
? You need to use your company email server instead of mail.splunk.com
Please try below query
index=_internal | sendemail to="shankarananth@gmail.com" format=raw subject=myresults server=mail.splunk.com sendresults=true
@harsmarvania57 ,
First of all thank for the reply.
By mistake i left the | pipe in between index=_internal and sendemail while posting the query.
It's not working. As you said i will check for company mail server and give a try.
Thanks,
Shankar
Well just a note, in Order to use your company server name you would need to whitelist splunk server IP in your company's mail server.
Hi,
Since some version (now using 8.1.2) I have trouble to use the 'sendemail' command in a search (dashboard/form) for users that have the standard user-roles. This issue is troubling me for almost 1.5 year now. Of course I am aware of the need to select 'list_settings' but had never has any results. When selecting 'admin_all_objects' in the standard user-role it is successful.
But using the 'admin_all_objects' for standard user is nothing but a security breach. That can not be the solution , so what do I miss here?
An why does Splunk not create a separate and straightforward capability for this 'sendemail' command?
Ashley Pietersen