Reporting

Alerts triggered but emails are not receiving after 5minutes from triggered time.

chaitanya1996
Engager

Hello splunkers,

Please help me to figure out this issue!

I have a realtime alert which triggers an alert and send the email to users.

when i ingest 62 files in splunk index, triggered alerts are 52 but i have received only 44 email notifications only.

I figured out that the first email was received at 20:35 and 44th email at 20:40 and not received any further.
I have also tried changing these two parameters of alert from there default value 5m,

1. action.email.maxtime-->1800

2. action.script.maxtime-->1800

 

splunk enterprise v6.6.3

Please help me if any other parameter is to be changed, or any known issue like this.

Labels (1)
Tags (1)
0 Karma

me74fhfd
Path Finder

What kind of information are you sending your users in email, if you are using inline table in email body you might have an issue with large number of rows. Alternatively use this SPL: index=_internal sendemail and try to find root cause.

0 Karma

chaitanya1996
Engager

Hi, 
I have tried query "index=_internal  sourcetype=splunk_python" and the results are same as the number of emails i have received.

0 Karma
Get Updates on the Splunk Community!

Introducing Ingest Actions: Filter, Mask, Route, Repeat

WATCH NOW Ingest Actions (IA) is the best new way to easily filter, mask and route your data in Splunk® ...

Splunk Forwarders and Forced Time Based Load Balancing

Splunk customers use universal forwarders to collect and send data to Splunk. A universal forwarder can send ...

NEW! Log Views in Splunk Observability Dashboards Gives Context From a Single Page

Today, Splunk Observability releases log views, a new feature for users to add their logs data from Splunk Log ...