Reporting
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Why does Splunk Light 6.3.1 always try to send scheduled report emails to localhost, regardless of Mail Server Settings?

secomba
Engager
‎11-10-2015 02:49 AM

We are using Splunk Light 6.3.1. Regardless of which settings we set in Mail Server Settings, it always tries to send emails to localhost instead.

The Mail host is definitely set to a valid address, similar to foo.bar.com:587. Checking alert_actions.conf also confirms this.

We are trying to send mail via a scheduled hourly report.

From python.log:

ERROR   sendemail:115 - Sending email. subject="Splunk Report: Foo", results_link="http://splunk.domain.com:8000/app/search/@go?sid=scheduler__admin__search__Foo_at_1447151400_3", recipients="[u'user@domain.com']", server="localhost"
ERROR   sendemail:378 - [Errno 111] Connection refused while sending mail to: user@domain.com

Of course the connection is refused, mail should be sent to the defined mail server, not localhost!

Any ideas? Many thanks!

Reply

jterry
Splunk Employee
Splunk Employee
‎04-05-2016 09:50 AM

v6.4 doesn't seem to have this problem...

2016-04-04 17:42:11,121 -0700 ERROR sendemail:128 - Sending email. subject="Splunk Alert: test", results_link="http://host:8000/app/search/@go?sid=scheduler__admin__search__test_at_1459816800_5", recipients="[u'user@splunk.com']", server="10.123.123.123"
2016-04-04 17:42:11,121 -0700 ERROR sendemail:393 - [Errno 110] Connection timed out while sending mail to: user@splunk.com
04-04-2016 17:42:11.122 -0700 ERROR ScriptRunner - stderr from '/home/user/light/splunk/bin/python /home/user/light/splunk/etc/apps/search/bin/sendemail.py "results_link=http://host:8000/app/search/@go?sid=scheduler__admin__search__test_at_1459816800_5" "ssname=test" "graceful=True" "trigger_time=1459816801" results_file="/home/user/light/splunk/var/run/splunk/dispatch/scheduler_adminsearch_test_at_1459816800_5/results.csv.gz"': ERROR:root:[Errno 110] Connection timed out while sending mail to: user@splunk.com
Reply

atat23
Path Finder
‎09-28-2016 09:45 AM

I downvoted this post because not helpful, offer suggestions rather than saying you can't replicate it

0 Karma
Reply

secomba
Engager
‎07-14-2016 06:29 AM

Can't confirm, unfortunately. On here, Splunk 6.4.2 still tries localhost.

0 Karma
Reply

DavidHourani
Super Champion
‎02-05-2016 08:36 AM

I have the same problem! Did you manage to solve it ??

0 Karma
Reply
Get Updates on the Splunk Community!

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

(view in My Videos)Struggling with alert fatigue, lack of context, and prioritization around security ...

Troubleshooting the OpenTelemetry Collector

  In this tech talk, you’ll learn how to troubleshoot the OpenTelemetry collector - from checking the ...

Adoption of Infrastructure Monitoring at Splunk

  Splunk's Growth Engineering team showcases one of their first Splunk product adoption-Splunk Infrastructure ...