How to get emails to send, it shows as triggered but does not send email?

zebulajams
Explorer

I know this is a commonly asked question due to its complexity, but I cannot figure out how to get emails to send via Splunk alert.

I created a simple search to find a specific string and created an alert with the following:

App: Search

Permissions: Private. Owned by admin.

Alert Type: Real-Time

Trigger Condition: Per-Result

Actions: Send email / Add to Triggered Alerts

I see it being triggered, but it never sends the email. I've tried sending it to two different email addresses. One to my work email, and another to my phone as a text (phoneNumber@mms.att.net) and neither of them work. The trigger appears in the list though.

I have tried multiple mail hosts in the configuration, but the current one is the default that appeared when I opened it: smtp-mail.outlook.com:587

Email security: I have tried all three options

No user/pass currently configured

Allowed Domains: mms.att.net

Send Emails As: SplunkAlert@test.edu

I've been sifting through the Splunk documentation for hours now and can't seem to get it right. Any ideas?

Thanks

0 Karma

vinod743374
Communicator

Greetings for the day!

I thought there might be a login issue.
The mail ID you are giving should not have two-factor authentication enabled;
in that case Splunk is unable to log in to your mail ID to send the alerts to the specified recipients.

Check whether two-factor authentication is disabled or not.
If it is mandatory and you cannot disable it, then you have another option: create an app password for the login. You can use that password instead of the original password.

Thank you.



0 Karma

richgalloway
SplunkTrust

Have you configured Splunk to use a valid SMTP server?  Most companies have their own.  A "public" one such as outlook.com should require credentials.

Have you checked splunkd.log for errors?  Look for "sendemail".  It should be accompanied by a message explaining why Splunk could not send the message.  If there is no error then the email was dropped by the provider and you should work with your email admin.

---
If this reply helps you, Karma would be appreciated.
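
To check the points raised in the replies above (whether the mail host is a usable SMTP server and whether it expects credentials), the following added example, which is not part of the thread and not Splunk's own code, reads the features an SMTP server advertises and compares them with the alert email settings. The mode labels `none`/`ssl`/`tls`, the function names and the sample feature maps are assumptions made for this example.

```python
import smtplib
import ssl
import sys

# Constructed EHLO feature maps for illustration, not captured from a real server.
SAMPLE_PLAIN = {"starttls": "", "size": "157286400"}
SAMPLE_SECURED = {"auth": " LOGIN XOAUTH2", "size": "157286400"}

def probe(host, port, timeout=10):
    """Read EHLO features before and after STARTTLS; no login, no mail sent."""
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.ehlo()
        plain, secured = dict(smtp.esmtp_features), {}
        if "starttls" in plain:
            smtp.starttls(context=ssl.create_default_context())
            smtp.ehlo()  # features must be re-read once TLS is active
            secured = dict(smtp.esmtp_features)
    return plain, secured

def assess(plain, secured, security, has_credentials):
    """Compare what the server offers with the configured email settings."""
    findings = []
    if "starttls" in plain and security == "ssl":
        findings.append("port greets in plaintext and offers STARTTLS: use TLS, not SSL")
    if "starttls" in plain and security == "none":
        findings.append("STARTTLS offered but security is none: session stays cleartext")
    # Features visible to the client in the configured mode.
    offered = secured if security == "tls" else plain
    if security != "ssl" and has_credentials and "auth" not in offered:
        findings.append("credentials are set but AUTH is not offered in this mode")
    mechs = sorted(set((plain.get("auth", "") + " " + secured.get("auth", "")).split()))
    if mechs and not has_credentials:
        findings.append("server advertises AUTH (%s) but no username/password is set"
                        % ", ".join(mechs))
    return findings

if __name__ == "__main__":
    # With host and port arguments, probe a live server; otherwise use the sample.
    if len(sys.argv) == 3:
        plain, secured = probe(sys.argv[1], int(sys.argv[2]))
    else:
        plain, secured = SAMPLE_PLAIN, SAMPLE_SECURED
    for mode in ("none", "ssl", "tls"):
        print(mode, assess(plain, secured, mode, has_credentials=False))
```

Run from the Splunk host with the configured mail host and port as arguments, so the result reflects the same network path the alert action uses.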