Reporting

Alert email not being sent

Splunk Employee
Splunk Employee

In 6.2.2 we are not seeing email alerts being sent out.

Searching the logs I see:

ERROR sendemail:348 - 'NoneType' object has no attribute 'find' while sending mail to: email@abc.com

ERROR sendemail:112 - Sending email. subject="blah blah"

Any suggestions?

SplunkTrust
SplunkTrust

Hello, have you found a solution to this problem ?

0 Karma

Path Finder

You can also consult the python log file by looking for this source in the internal index- $SPLUNK_HOME/var/log/splunk/python.log

This will show INFO and ERROR messages emitted by the email script and may show more information for troubleshooting. There can be a number of root causes, like SMTP be down, queued, etc related to sending mail. You need to look at the log and see.

0 Karma

SplunkTrust
SplunkTrust

Not my question but I'm getting

ERROR sendemail:114 - Sending email

Any idea whats that about ? no other messages are being generated.

0 Karma

Path Finder

Usually it is some problem with sendmail.

Did you check the python.log source too, usually that does yield other clues, like this one showing diskspace being exhausted:

/opt/splunk/var/log/splunk/python.log.1:2014-06-19 17:41:10,702 -0400 ERROR sendemail:112 - Sending email. subject

/opt/splunk/var/log/splunk/python.log.1:2014-06-19 17:41:10,702 -0400 ERROR sendemail:348 - (452, '4.4.5 Insufficient disk space; try again later', u'splunk@splunk-search-head-2.x.x.x') while sending mail to: x@x.com

If that doesn't show anything, the next troubleshooting step is to run sendmail from the command line as the splunk user: /usr/sbin/sendmail -f testfrom@yourdomain.com testfto@yourdomain.com

This will show any possible errors. If you are in linux, you can also check /var/log/maillog

0 Karma

Path Finder

The first error is a common python error. the script that sends the email for an alert is written in python.

Looking at v 6.2.2 of this script, this error is emitted when the script tries to transmit the email. There should be another error message immediately before the one shown in that same index.

You can also consult the file - $SPLUNK_HOME/var/log/splunk/python.log
This will show INFO and ERROR messages emitted by the email script. It will likely yield further clues.

Inspect your mail server configuration under Settings->Server Settings->Email Settings

0 Karma

Splunk Employee
Splunk Employee

email settings are the default settings. It seems to have stopped working on Monday (looking at the error counts). Not sure why it stopped working all of a sudden.

0 Karma