Monitoring Splunk
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

After upgrade to 7.2.6 unable to send test email with sendemail.py

mchang_splunk
Splunk Employee
Splunk Employee
‎05-09-2019 05:46 PM

After upgrade to 7.2.6, scheduled searches and/or alerts that would send PDF via email no longer work.

Running these searches manually ad-hoc produces the correct results expected. Previewing the PDF also works correctly, showing that the PDF is generated.

Looking in python.log, warnings are shown:

2019-04-25 03:01:02,688 -0500 WARNING sendemail:1398 - search results is empty, no email will be sent
2019-04-25 03:02:02,839 -0500 WARNING sendemail:1398 - search results is empty, no email will be sent
2019-04-25 03:02:02,872 -0500 WARNING sendemail:1398 - search results is empty, no email will be sent
2019-04-25 03:02:02,904 -0500 WARNING sendemail:1398 - search results is empty, no email will be sent
2019-04-25 03:03:03,140 -0500 WARNING sendemail:1398 - search results is empty, no email will be sent
2019-04-25 03:03:03,146 -0500 WARNING sendemail:1398 - search results is empty, no email will be sent
2019-04-25 03:10:03,206 -0500 WARNING sendemail:1398 - search results is empty, no email will be sent
2019-04-25 06:00:03,332 -0500 WARNING sendemail:1398 - search results is empty, no email will be sent

We are able to reproduce this in our repro environments.

Reply
1 Solution
Solved! Jump to solution
Solution

mchang_splunk
Splunk Employee
Splunk Employee
‎05-09-2019 05:48 PM

This is a known issue SPL-169625 which will be fixed in later version.

Current workaround is:
1. Replace 'sendemail.py' from 7.2.6 with the same file in version 7.2.5.1.
2. Edit the saved search in the "Search" field replace "| noop" with "| makeresults"

View solution in original post

Reply
Solved! Jump to solution

solone1020
Engager
‎06-17-2019 04:42 PM

Find the file C:\Program Files\Splunk\etc\apps\search\bin\sendemail.py
Edit line 1392
if results: -> if True:
Can fix the issue.

0 Karma
Reply
Solved! Jump to solution

jhidalgo_splunk
Splunk Employee
Splunk Employee
‎05-29-2019 08:42 AM

For workaround #2 do:
Goto Settings > All configurations > click on the _ScheduledView that you just created and the search field will default to "| noop". Change the Search default to "| makeresults" for it to work for now.

0 Karma
Reply
Solved! Jump to solution

gjanders
SplunkTrust
SplunkTrust
‎05-30-2019 06:48 PM

Are workaround's #1 and #2 two alternatives? Or do both need to be done?

Thanks

-
Alerts for Splunk Admins, Version Control for Splunk, Decrypt2 VersionControl For SplunkCloud
0 Karma
Reply
Solved! Jump to solution

jhidalgo_splunk
Splunk Employee
Splunk Employee
‎05-31-2019 10:14 AM

They are alternatives, you do not need to do both of them.

Reply
Solved! Jump to solution
Solution

mchang_splunk
Splunk Employee
Splunk Employee
‎05-09-2019 05:48 PM

This is a known issue SPL-169625 which will be fixed in later version.

Current workaround is:
1. Replace 'sendemail.py' from 7.2.6 with the same file in version 7.2.5.1.
2. Edit the saved search in the "Search" field replace "| noop" with "| makeresults"

Reply
Solved! Jump to solution

gunzola
Path Finder
‎05-23-2019 02:45 AM

Please update https://docs.splunk.com/Documentation/Splunk/7.2.6/ReleaseNotes/Knownissues
Description of impact/defect is not clear. We have several customers relying on scheduled pdf - not working for some (upgraded installations).

Reply
Solved! Jump to solution

iserc
Engager
‎05-23-2019 07:30 AM

I concur. Please update the release notes with detailed workarounds. Email reports failures from an enterprise level logging solution is not a small issue.

Reply
Get Updates on the Splunk Community!

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI!Discover how Splunk’s agentic AI ...

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

Watch On Demand the Tech Talk on November 6 at 11AM PT, and empower your SOC to reach new heights! Duration: ...

Splunk Observability as Code: From Zero to Dashboard

For the details on what Self-Service Observability and Observability as Code is, we have some awesome content ...