sendemail via SMTP relay server

frank_buettner
Explorer

Hi,

I'm trying to send emails via an SMTP relay server (alias "smart host" or "smarthost" [2]). No authentication is needed and no encryption is supported. I added the following [sendemail] command to my /opt/splunk/etc/apps/search/local/commands.conf:

[sendemail]
filename = sendemail.py
streaming = false
run_in_preview = false
passauth = false
required_fields =
changes_colorder = false
supports_rawargs = true
undo_scheduler_escaping = true
is_risky = true
supports_multivalues = true
use_ssl = false
use_tls = false
from = <email address>
server = <relay server host name>:<port>

When I try the search * | head 1 | sendemail to="<my email>" sendresults=true as Splunk administrator from within the search app context, the error ERROR sendemail:1341 - 'namespace' occurs in /opt/splunk/var/log/splunk/python.log. The result gets shown in the browser (one event).

Another application (not splunk) successfully sends emails via this relay server (from another host).

I can't find other configuration parameters in the documentation [1] that may help. Any suggestions as to what I have missed?

Thanks
Frank

[1] https://docs.splunk.com/Documentation/Splunk/7.3.0/SearchReference/Sendemail
[2] https://en.wikipedia.org/wiki/Smart_host

0 Karma
1 Solution

frank_buettner
Explorer

We are now using a Microsoft Teams connector for pushing the notifications. So this is our "solution", although we did not manage to send emails via the relay server by using a python script.

0 Karma

DavidHourani
Super Champion

Could be a permission issue. Are you running the sendemail command within the search app context?
Also use the sendresults=true option: ... | sendemail to="elvis@splunk.com" sendresults=true

0 Karma

frank_buettner
Explorer

@DavidHourani Do you have more suggestions? Is it possible at all to send mails via an SMTP relay server [1]? "Smart Host" would be a synonym for "relay server".

[1] https://en.wikipedia.org/wiki/Smart_host

0 Karma

DavidHourani
Super Champion

IMO it should work just like an SMTP server... all it does is forward the emails. Did you try connecting directly to your SMTP server? At least that way you can ensure that your configs are right. If that's validated then there could be an extra configuration to add for this "sendemail" to work.

You can also play around with the sendemail.py script (make sure to keep a backup first). If you're then able to send an email from the CLI with the script, then Splunk should be able to do so as well.

0 Karma
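
The direct connection test suggested in the reply above, as an added example that is not part of the original thread and not Splunk's sendemail.py: it talks to the relay with Python's smtplib from the Splunk host, records whether the relay advertises STARTTLS or AUTH, and sends one test mail without login or encryption. The function names and the file name relay_probe.py are hypothetical; the server argument uses the same <host>:<port> form as the stanza in the question.

```python
import smtplib
import sys
from email.message import EmailMessage

def parse_server(value, default_port=25):
    """Split the "<host>:<port>" form; fall back to port 25 if no port is given."""
    host, sep, port = value.strip().rpartition(":")
    if not sep:
        return value.strip(), default_port
    return host, int(port)

def describe_relay(features):
    """Summarise the EHLO feature dict that smtplib collects (keys are lowercase)."""
    names = {name.lower() for name in features}
    return {
        "starttls_offered": "starttls" in names,
        "auth_offered": "auth" in names,
        # No STARTTLS means mail, including attached search results, travels in clear text
        "plaintext_only": "starttls" not in names,
    }

def probe_relay(server, sender, recipient, timeout=10):
    """Greet the relay, record what it advertises, then send one test mail."""
    host, port = parse_server(server)
    report = {"server": f"{host}:{port}", "sent": False, "error": None}
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, recipient
    msg["Subject"] = "relay test (outside Splunk)"
    msg.set_content("Test message sent directly with smtplib.")
    try:
        # local_hostname avoids a slow FQDN lookup on hosts without DNS
        with smtplib.SMTP(host, port, local_hostname="localhost", timeout=timeout) as smtp:
            smtp.ehlo_or_helo_if_needed()
            report.update(describe_relay(smtp.esmtp_features))
            # No login() and no starttls(): same conditions as the relay in the question
            refused = smtp.send_message(msg)
            report["sent"] = not refused
    except (smtplib.SMTPException, OSError) as exc:
        report["error"] = f"{type(exc).__name__}: {exc}"
    return report

if __name__ == "__main__":
    # Usage: python3 relay_probe.py <host>:<port> <from address> <to address>
    if len(sys.argv) == 4:
        print(probe_relay(*sys.argv[1:4]))
```

If this sends successfully from the Splunk host while the sendemail search still fails, the relay and the network path are ruled out and the problem is on the Splunk side.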

frank_buettner
Explorer

Yes, I'm using the sendemail command within the search app context.

0 Karma

frank_buettner
Explorer

Sorry for the late response:
- in Splunk I'm logged in as Administrator
- sendresults=true doesn't make a difference
- in the browser, the result of the query is shown (one event)

0 Karma