- Splunk Answers
- :
- Using Splunk
- :
- Dashboards & Visualizations
- :
- Re: Send a mail using sendemail command from searc...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Send a mail using sendemail command from search?
Hi All,
Need your help to resolve below issue.
Using below query, adding a button to Dashboard.
By clicking that button, sending the information of line to user.
Instead of using personal mail id, i will use official mail id is one of the change in below mentioned query.
Getting Following Error:
command="sendemail", 'rootCAPath' while sending mail to: shankarananth@gmail.com
index=_internal sendemail to="shankarananth@gmail.com" format=raw subject=myresults server=mail.splunk.com sendresults=true
Thanks in advance ..
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Update:
"sendemail" does not work for default users with default user-role capability.
The issue was reported back to me to be solved in 8.1.3, unfortunately it is not.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Are you saying that with some other email address it works, but with this email, it does not? In other words, does sendemail ever work for you? If not, check the error logs with this search:
index=_* sendemail AND (fail* OR err* OR timeout OR cannot OR incomplete OR invalid OR unknown OR reject* OR deni* OR deny)
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
You need to send result from index=_internal to sendmail command and for that you need to use pipe |, additionally please use correct mail server, in your query you have given mail.splunk.com but do you have access to send email usingmail.splunk.com ? You need to use your company email server instead of mail.splunk.com
Please try below query
index=_internal | sendemail to="shankarananth@gmail.com" format=raw subject=myresults server=mail.splunk.com sendresults=true
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@harsmarvania57 ,
First of all thank for the reply.
By mistake i left the | pipe in between index=_internal and sendemail while posting the query.
It's not working. As you said i will check for company mail server and give a try.
Thanks,
Shankar
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Well just a note, in Order to use your company server name you would need to whitelist splunk server IP in your company's mail server.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
Since some version (now using 8.1.2) I have trouble to use the 'sendemail' command in a search (dashboard/form) for users that have the standard user-roles. This issue is troubling me for almost 1.5 year now. Of course I am aware of the need to select 'list_settings' but had never has any results. When selecting 'admin_all_objects' in the standard user-role it is successful.
But using the 'admin_all_objects' for standard user is nothing but a security breach. That can not be the solution , so what do I miss here?
An why does Splunk not create a separate and straightforward capability for this 'sendemail' command?
Ashley Pietersen
Introducing the 2024 SplunkTrust!
Introducing the 2024 Splunk MVPs!
Splunk Custom Visualizations App End of Life
