I'm running the following search in order to test my email settings (I've obfuscated the email address)
and I'm getting this error:
command="sendemail", [Errno 111] Connection refused while sending mail to: user@domain.com
Is there a log that has more details, or a more verbose response? The email config and credentials are being used elsewhere to send mail successfully.
Thanks,
Todd
Hi toddles666
this means that the sendemail script was not able to use your mailserver. The sendemail script uses by default localhost as mailserver (set by argument server= ). This can have multiple reasons like firewall blocking or mail server refusing to accept your request or no email process/server running on localhost. Check with your network/mailserver admin.
hope this helps ...
Is your splunk instance is in the cloud? because emails goes from one server to anothers you will not be able to send emails until your splunk instance is hosted.
Thanks
A little more detail: The Splunk server is hosted on an AWS EC2 instance. I want to use the AWS Simple Email Service (that is successfully being used elsewhere in my VPC) to send email. The "Mail Server Settings" in the Splunk config has been configured with the AWS SES host, port, and credentials. These settings are correct as I can send email using the email host, port, and credentials from a shell session on the instance hosting the Splunk server. So:
Is there any way I can further test or get better logging from Splunk itself?
Thanks,
Todd
Are you sure that your query is correct? Complete it as follows and let me know the result.
| sendemail to=user@mydomain.com format=html server=my.server.net from=Splunk.Alert@mydomain.com sendresults=true subject="search email test" message=search_results
are u doing this went you are connected locally because you needn to connected through internet to able to send mail