I have my smtp server configured correctly and have setup and do receive plenty of alerts for scheduled searches. However when I attempt to use the sendemail
command, the following error is displayed:
[Errno 10061] No connection could be made because the target machine actively refused it while sending mail to: foo@bar.com
The only error I can find in the logs is from var/log/python.log:
2010-07-28 10:18:51,105 ERROR Sending email. subject="Splunk Results", results_link="None", recepients="['foo@bar.comm']"
I haven't been able to find any other errors related to this, and this is the only line in python.log.
I am using sendemail as follows:
my search terms | sendemail to=foo@bar.com sendresults=true
Windows Installation, 4.1.3. What am I doing wrong?
The sendemail command by default attempts to use localhost as the SMTP server and ignores the settings used for scheduled search alerts. If you do not have an SMTP server or forwarder installed (which on Windows is quite likely), sendemail
will fail when trying to connect to localhost.
To work around this, specify server
in sendemail
as follows:
my search terms | sendemail to=foo@bar.com sendresults=true server=mail.bar.com
For some reason, sendemail.py doesn't use the same parameters as scheduled search.
Setting the server parameters in the GUI (Settings->Server Settings->Email Settings) will get scheduled search to work, but not sendemail.
Saved searches look in users/XXX/search/loca/savedsearches.conf, and then in ./system/local/alert_actions.conf
sendemail from the command line doesn't. Or doesn't seem to. Maybe it does but the configured parameters are being overridden by empty strings from the command line?
Either way, if you don't want to always be typing server=XXX on the command line, one option is to edit sendemail.py and hardcode your server config:
For eg:
Instead of:
server = ssContent.get('action.email.mailserver', 'localhost')
Use:
server = ssContent.get('action.email.mailserver', 'yourhost')
If your email server enabled the ssl or tls, you need to use the following syntax.
For tls enabled mail server:
For ssl enabled mail server:
Same here as hiteshkanchan. Does not seem Splunk can actually send out emails from command.
The sendemail command by default attempts to use localhost as the SMTP server and ignores the settings used for scheduled search alerts. If you do not have an SMTP server or forwarder installed (which on Windows is quite likely), sendemail
will fail when trying to connect to localhost.
To work around this, specify server
in sendemail
as follows:
my search terms | sendemail to=foo@bar.com sendresults=true server=mail.bar.com
I am getting the following error
command="sendemail", 'rootCAPath' while sending mail to: *****
Adding the server= command worked for me also. Wasn't aware that the command line would ignore the server wide email settings.
This worked for me. Wasted over an hour on this!
It is not working for me. Please help me brother.
I tried this this command and it gives the error like "command="sendemail", Connection unexpectedly closed while sending mail to: user@domain.com