Reporting
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

remote report/alert sends email

gitingua
Communicator
‎07-13-2021 02:25 AM

Deleted the schedule report/alert. 
They keep sending letters to the post office. They are not in the system. empty reports come from deleted scheduled reports. 

Thanks

Labels (2)
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎07-13-2021 06:42 AM

How did you delete the alert?  If you edited savedsearches.conf then did you also restart Splunk?

If you have multiple Splunk instances did you remove the alert from all of them?

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

gitingua
Communicator
‎07-13-2021 07:33 AM

@richgalloway Searches, reports, and alerts -> my alert/report -> edit -> delete

checked in savedsearches.conf file, there they are also absent. they are absent at all. 

 

0 Karma
Reply

diogofgm
SplunkTrust
SplunkTrust
‎07-19-2021 03:31 AM

which savedsearches.conf have you checked? There can be multiple savedsearches.conf files depending on the app context and on the permissions set. Have you tried running a btool?

./splunk btool savedsearches list --debug | grep <the info your looking for>

 

------------
Hope I was able to help you. If so, some karma would be appreciated.
0 Karma
Reply

gitingua
Communicator
‎07-19-2021 04:07 AM

today also received a message from a remote scheduled report.

but deleted already as 2-3 weeks ago

0 Karma
Reply

gitingua
Communicator
‎07-19-2021 03:58 AM

Nothing found

 

Preview file
26 KB
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎07-13-2021 08:44 AM

Is it possible someone cloned the alert and that clone is sending the emails? Try searching savedsearches.conf for the email address.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

gitingua
Communicator
‎07-13-2021 09:41 AM

@richgalloway he is nowhere to be found

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎07-13-2021 10:03 AM

Have you tried restarting Splunk?  It shouldn't be necessary, but perhaps it will help.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

gitingua
Communicator
‎07-14-2021 01:01 AM

@richgalloway tried it, didn't help

0 Karma
Reply

gitingua
Communicator
‎07-13-2021 07:35 AM

@richgalloway But messages with reports come to the mail

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...