Reporting
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Alerts triggered but emails are not receiving after 5minutes from triggered time.

chaitanya1996
Engager
‎02-03-2021 07:43 AM

Hello splunkers,

Please help me to figure out this issue!

I have a realtime alert which triggers an alert and send the email to users.

when i ingest 62 files in splunk index, triggered alerts are 52 but i have received only 44 email notifications only.

I figured out that the first email was received at 20:35 and 44th email at 20:40 and not received any further.
I have also tried changing these two parameters of alert from there default value 5m,

1. action.email.maxtime-->1800

2. action.script.maxtime-->1800

 

splunk enterprise v6.6.3

Please help me if any other parameter is to be changed, or any known issue like this.

Labels (1)
Labels
Tags (1)
0 Karma
Reply

me74fhfd
Path Finder
‎02-03-2021 10:14 AM

What kind of information are you sending your users in email, if you are using inline table in email body you might have an issue with large number of rows. Alternatively use this SPL: index=_internal sendemail and try to find root cause.

0 Karma
Reply

chaitanya1996
Engager
‎02-03-2021 09:58 PM

Hi, 
I have tried query "index=_internal  sourcetype=splunk_python" and the results are same as the number of emails i have received.

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...