Reporting
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Alert email not being sent

rmorlen
Splunk Employee
Splunk Employee
‎04-02-2015 06:41 AM

In 6.2.2 we are not seeing email alerts being sent out.

Searching the logs I see:

ERROR sendemail:348 - 'NoneType' object has no attribute 'find' while sending mail to: email@abc.com

ERROR sendemail:112 - Sending email. subject="blah blah"

Any suggestions?

Reply

DavidHourani
Super Champion
‎06-23-2015 07:02 AM

Hello, have you found a solution to this problem ?

0 Karma
Reply

jnicholsenernoc
Path Finder
‎06-23-2015 07:09 AM

You can also consult the python log file by looking for this source in the internal index- $SPLUNK_HOME/var/log/splunk/python.log

This will show INFO and ERROR messages emitted by the email script and may show more information for troubleshooting. There can be a number of root causes, like SMTP be down, queued, etc related to sending mail. You need to look at the log and see.

0 Karma
Reply

DavidHourani
Super Champion
‎06-23-2015 07:21 AM

Not my question but I'm getting

ERROR sendemail:114 - Sending email

Any idea whats that about ? no other messages are being generated.

0 Karma
Reply

jnicholsenernoc
Path Finder
‎06-23-2015 09:57 AM

Usually it is some problem with sendmail.

Did you check the python.log source too, usually that does yield other clues, like this one showing diskspace being exhausted:

/opt/splunk/var/log/splunk/python.log.1:2014-06-19 17:41:10,702 -0400 ERROR sendemail:112 - Sending email. subject

/opt/splunk/var/log/splunk/python.log.1:2014-06-19 17:41:10,702 -0400 ERROR sendemail:348 - (452, '4.4.5 Insufficient disk space; try again later', u'splunk@splunk-search-head-2.x.x.x') while sending mail to: x@x.com

If that doesn't show anything, the next troubleshooting step is to run sendmail from the command line as the splunk user: /usr/sbin/sendmail -f testfrom@yourdomain.com testfto@yourdomain.com

This will show any possible errors. If you are in linux, you can also check /var/log/maillog

0 Karma
Reply

jnicholsenernoc
Path Finder
‎04-02-2015 08:05 AM

The first error is a common python error. the script that sends the email for an alert is written in python.

Looking at v 6.2.2 of this script, this error is emitted when the script tries to transmit the email. There should be another error message immediately before the one shown in that same index.

You can also consult the file - $SPLUNK_HOME/var/log/splunk/python.log
This will show INFO and ERROR messages emitted by the email script. It will likely yield further clues.

Inspect your mail server configuration under Settings->Server Settings->Email Settings

0 Karma
Reply

rmorlen
Splunk Employee
Splunk Employee
‎04-02-2015 09:41 AM

email settings are the default settings. It seems to have stopped working on Monday (looking at the error counts). Not sure why it stopped working all of a sudden.

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...

Introducing the 2024 Splunk MVPs!

We are excited to announce the 2024 cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...

Splunk Custom Visualizations App End of Life

The Splunk Custom Visualizations apps End of Life for SimpleXML will reach end of support on Dec 21, 2024, ...