Join the Conversation
- Find Answers
- :
- Using Splunk
- :
- Other Using Splunk
- :
- Reporting
- :
- Re: Alert email not being sent
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Alert email not being sent
In 6.2.2 we are not seeing email alerts being sent out.
Searching the logs I see:
ERROR sendemail:348 - 'NoneType' object has no attribute 'find' while sending mail to: email@abc.com
ERROR sendemail:112 - Sending email. subject="blah blah"
Any suggestions?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello, have you found a solution to this problem ?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You can also consult the python log file by looking for this source in the internal index- $SPLUNK_HOME/var/log/splunk/python.log
This will show INFO and ERROR messages emitted by the email script and may show more information for troubleshooting. There can be a number of root causes, like SMTP be down, queued, etc related to sending mail. You need to look at the log and see.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Not my question but I'm getting
ERROR sendemail:114 - Sending email
Any idea whats that about ? no other messages are being generated.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Usually it is some problem with sendmail.
Did you check the python.log source too, usually that does yield other clues, like this one showing diskspace being exhausted:
/opt/splunk/var/log/splunk/python.log.1:2014-06-19 17:41:10,702 -0400 ERROR sendemail:112 - Sending email. subject
/opt/splunk/var/log/splunk/python.log.1:2014-06-19 17:41:10,702 -0400 ERROR sendemail:348 - (452, '4.4.5 Insufficient disk space; try again later', u'splunk@splunk-search-head-2.x.x.x') while sending mail to: x@x.com
If that doesn't show anything, the next troubleshooting step is to run sendmail from the command line as the splunk user: /usr/sbin/sendmail -f testfrom@yourdomain.com testfto@yourdomain.com
This will show any possible errors. If you are in linux, you can also check /var/log/maillog
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The first error is a common python error. the script that sends the email for an alert is written in python.
Looking at v 6.2.2 of this script, this error is emitted when the script tries to transmit the email. There should be another error message immediately before the one shown in that same index.
You can also consult the file - $SPLUNK_HOME/var/log/splunk/python.log
This will show INFO and ERROR messages emitted by the email script. It will likely yield further clues.
Inspect your mail server configuration under Settings->Server Settings->Email Settings
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
email settings are the default settings. It seems to have stopped working on Monday (looking at the error counts). Not sure why it stopped working all of a sudden.
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions
Splunk Community Badges!
[Puzzles] Solve, Learn, Repeat: Matching cron expressions
