Reporting

sendemail returned error code 1

pde7
Explorer

Whenever I attempt to pipe results to the sendemail function, I get the following error:

External search command 'sendemail' returned error code 1.

Here's an example of the command I use:

error OR failure OR severe | sendemail to=myemail sendresults=true server=mysmtpgateway from=myemail format=text

I can confirm via direct telnet that my smtpgateway server is responding and accepting emails. Ideas? What does error code 1 mean in this context? Is this a python problem? Where can I look for more log details? (I've set "EmailSender" log level to DEBUG but I'm not sure how to find the output.)


Justin
Path Finder

We were having the same problem with sendemail not working after upgrading to 4.3, and it stayed broken in 4.3.1. After much troubleshooting, I discovered that the issue was with one of the new features in 4.3 which allowed each user in Splunk to set what timezone they are in. After the upgrade, I had changed my timezone to try the new feature, and didn't realize that it immediately broke sendemail. So, I changed my timezone back to default under Manager->Your Account, and sendemail worked again.

This bug has been reported to Splunk support and will hopefully get fixed in a future release.


yannK
Splunk Employee

Hi, you may have encountered this new bug:
SPL-48993 "Windows 2008 - sendemail fails if user is not using default server timezone"

The user running the search is using a different timezone than the server, see manager > your account

It produces this error in splunkd.log


03-05-2012 16:07:45.240 -0500 ERROR ScriptRunner - stderr from 'D:\Program Files\Splunk\etc\apps\search\bin\sendemail.py': ImportError: DLL load failed: %1 is not a valid Win32 application.
03-05-2012 16:07:45.490 -0500 ERROR script - External search command 'sendemail' returned error code 1.

The fix is not yet available;
the temporary workarounds are to:

  • change the timezone for the user running those searches to "default system timezone"
  • or schedule the email alerts from another splunk search-head, on another OS (not Windows 2008) or another version (not 4.3.* )

farleymike
Explorer

Thanks for the update to this issue. We ended up moving Splunk from Windows to Ubuntu for other reasons, but it's nice to know the cause and a temporary workaround.


pde7
Explorer

I tried calling the sendemail.py directly and I'm getting library import errors:

D:\Splunk\etc\apps\search\bin>python sendemail.py
Traceback (most recent call last):
  File "sendemail.py", line 2, in <module>
    import re,sys,time,logging,splunk.Intersplunk, splunk.mining.dcutils as dcu
.
.
.
  File "D:\Splunk\Python-2.7\lib\site-packages\splunk\clilib\cli_common.py", line 6, in <module>
    import lxml.etree as etree
ImportError: DLL load failed: %1 is not a valid Win32 application.


farleymike
Explorer

We are having the same problem.

Splunk 4.3, Windows 2008 R2 fully patched. Splunk is running as a domain user with local admin privileges (even added all the security privileges required). Splunk's installed on the D: drive.

When I pipe results to 'sendemail' with all the appropriate settings I receive:

"External search command 'sendemail' returned error code 1."

We've rebuilt the OS, and even installed Splunk on a Windows 7 VM and the 'sendemail' command works just fine.

The 'splunkd.log' contains the following:

02-16-2012 10:40:26.759 -0800 ERROR ScriptRunner - stderr from 'D:\Splunk\etc\apps\search\bin\sendemail.py': ImportError: No module named site
02-16-2012 10:40:26.759 -0800 ERROR ScriptRunner - extern write error: errno=The pipe is being closed.
02-16-2012 10:40:26.790 -0800 ERROR script - External search command 'sendemail' returned error code 1.

I added a 'PYTHONPATH' env. variable and pointed it to D:\Splunk\Python-2.7\lib, which caused the logged errors to change. Definitely something strange going on with the Python environment.
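
Added example, not part of any post in this thread and not Splunk code: the generic "returned error code 1" message hides the real cause, which appears in the ScriptRunner stderr lines of splunkd.log quoted above. This sketch pairs each failure with the stderr logged before it. The first two sample lines are quoted in the thread, the last two are constructed, and the function and variable names are hypothetical.

```python
import re
from collections import defaultdict

# First two lines appear in this thread; the last two are constructed for the example.
SAMPLE_LOG = r"""03-05-2012 16:07:45.240 -0500 ERROR ScriptRunner - stderr from 'D:\Program Files\Splunk\etc\apps\search\bin\sendemail.py': ImportError: DLL load failed: %1 is not a valid Win32 application.
03-05-2012 16:07:45.490 -0500 ERROR script - External search command 'sendemail' returned error code 1.
03-05-2012 16:09:02.101 -0500 INFO  Metrics - group=pipeline, name=indexerpipe
03-05-2012 16:11:13.310 -0500 ERROR script - External search command 'sendemail' returned error code 1.
"""

# timestamp, level, component, message (layout taken from the lines quoted in the thread)
LINE = re.compile(r"^(?P<ts>\d{2}-\d{2}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3} [+-]\d{4}) +"
                  r"(?P<level>\w+) +(?P<component>\S+) - (?P<msg>.*)$")
STDERR = re.compile(r"^stderr from '(?P<path>[^']+)':\s*(?P<text>.*)$")
EXIT = re.compile(r"^External search command '(?P<cmd>[^']+)' returned error code (?P<code>\d+)\.?$")

def command_name(script_path):
    """'D:\\...\\bin\\sendemail.py' -> 'sendemail' (handles \\ and / separators)."""
    return re.split(r"[\\/]", script_path)[-1].rsplit(".", 1)[0]

def failed_external_commands(log_text):
    """Pair each 'returned error code N' event with the stderr logged before it."""
    pending = defaultdict(list)  # command name -> stderr lines not yet claimed
    failures = []
    for raw in log_text.splitlines():
        line = LINE.match(raw.strip())
        if not line or line["level"] != "ERROR":
            continue
        stderr = STDERR.match(line["msg"])
        if line["component"] == "ScriptRunner" and stderr:
            pending[command_name(stderr["path"])].append(stderr["text"])
            continue
        exited = EXIT.match(line["msg"])
        if line["component"] == "script" and exited:
            failures.append({
                "time": line["ts"],
                "command": exited["cmd"],
                "code": int(exited["code"]),
                # An empty list means the script logged nothing to stderr first.
                "stderr": pending.pop(exited["cmd"], []),
            })
    return failures

if __name__ == "__main__":
    for f in failed_external_commands(SAMPLE_LOG):
        cause = "; ".join(f["stderr"]) or "(no stderr captured)"
        print(f'{f["time"]} {f["command"]} exit={f["code"]}: {cause}')
```
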
