Getting Data In

ERROR Sending email with sendemail, but alert emails work fine

Motivator

I have my smtp server configured correctly and have setup and do receive plenty of alerts for scheduled searches. However when I attempt to use the sendemail command, the following error is displayed:

[Errno 10061] No connection could be made because the target machine actively refused it while sending mail to: foo@bar.com

The only error I can find in the logs is from var/log/python.log:

2010-07-28 10:18:51,105 ERROR Sending email. subject="Splunk Results", results_link="None", recepients="['foo@bar.comm']"

I haven't been able to find any other errors related to this, and this is the only line in python.log.

I am using sendemail as follows:

my search terms | sendemail to=foo@bar.com sendresults=true

Windows Installation, 4.1.3. What am I doing wrong?

1 Solution

Motivator

The sendemail command by default attempts to use localhost as the SMTP server and ignores the settings used for scheduled search alerts. If you do not have an SMTP server or forwarder installed (which on Windows is quite likely), sendemail will fail when trying to connect to localhost.

To work around this, specify server in sendemail as follows:

my search terms | sendemail to=foo@bar.com sendresults=true server=mail.bar.com

View solution in original post

Path Finder

For some reason, sendemail.py doesn't use the same parameters as scheduled search.

Setting the server parameters in the GUI (Settings->Server Settings->Email Settings) will get scheduled search to work, but not sendemail.

Saved searches look in users/XXX/search/loca/savedsearches.conf, and then in ./system/local/alert_actions.conf

sendemail from the command line doesn't. Or doesn't seem to. Maybe it does but the configured parameters are being overridden by empty strings from the command line?

Either way, if you don't want to always be typing server=XXX on the command line, one option is to edit sendemail.py and hardcode your server config:

For eg:

Instead of:

server     = ssContent.get('action.email.mailserver', 'localhost')

Use:

server     = ssContent.get('action.email.mailserver', 'yourhost')

Splunk Employee
Splunk Employee

If your email server enabled the ssl or tls, you need to use the following syntax.

For tls enabled mail server:
| sendemail from= to= server=":" use_tls=true username= password= sendresults=true

For ssl enabled mail server:
| sendemail from= to= server=":" use_ssl=true username= password= sendresults=true

New Member

Same here as hiteshkanchan. Does not seem Splunk can actually send out emails from command.

0 Karma

Motivator

The sendemail command by default attempts to use localhost as the SMTP server and ignores the settings used for scheduled search alerts. If you do not have an SMTP server or forwarder installed (which on Windows is quite likely), sendemail will fail when trying to connect to localhost.

To work around this, specify server in sendemail as follows:

my search terms | sendemail to=foo@bar.com sendresults=true server=mail.bar.com

View solution in original post

Path Finder

I am getting the following error

command="sendemail", 'rootCAPath' while sending mail to: *****

New Member

Adding the server= command worked for me also. Wasn't aware that the command line would ignore the server wide email settings.

0 Karma

Engager

This worked for me. Wasted over an hour on this!

Engager

It is not working for me. Please help me brother.

0 Karma

Communicator

I tried this this command and it gives the error like "command="sendemail", Connection unexpectedly closed while sending mail to: user@domain.com

State of Splunk Careers

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!