I'm trying to send emails via an SMTP relay server (alias "smart host" or "smarthost"). No authentication is needed and no encryption is supported. I added the following [sendemail] command to my /opt/splunk/etc/apps/search/local/commands.conf:
[sendemail]
filename = sendemail.py
streaming = false
run_in_preview = false
passauth = false
required_fields =
changes_colorder = false
supports_rawargs = true
undo_scheduler_escaping = true
is_risky = true
supports_multivalues = true
use_ssl = false
use_tls = false
from = <email address>
server = <relay server host name>:<port>
When I try the search as Splunk administrator from within the search app context
* | head 1 | sendemail to="<my email>" sendresults=true
then the following error occurs in /opt/splunk/var/log/splunk/python.log:
ERROR sendemail:1341 - 'namespace'
The result gets shown in the browser (one event).
Another application (not Splunk) successfully sends emails via this relay server (from another host).
I can't find other configuration parameters in the documentation that may help. Any suggestions as to what I have missed?
Could be a permission issue. Are you running the sendemail command within the search app context?
Also use the sendresults=true option:
... | sendemail to="email@example.com" sendresults=true
Sorry for the late response:
- in Splunk I'm logged in as Administrator
- sendresults=true doesn't make a difference
- in the browser, the result of the query is shown (one event)
@DavidHourani Do you have more suggestions? Is it possible at all to send mails via an SMTP relay server? "Smart Host" would be a synonym for "relay server".
IMO it should work just like an SMTP server; all it does is forward the emails. Did you try connecting directly to your SMTP server? At least that way you can ensure that your configs are right. If that's validated, then there could be an extra configuration to add for this "sendemail" to work.
You can also play around with the sendemail.py script (make sure to keep a backup first). If you're then able to send an email from the CLI with the script, then Splunk should be able to do so as well.
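A standalone form of the direct-connection check suggested above, added here as an example and not taken from Splunk's sendemail.py or from any poster in this thread: it sends one unauthenticated, unencrypted test message and reports the relay's EHLO code, whether STARTTLS and AUTH are advertised, and any rejection codes. The function names, the `smtp_cls` parameter and the script name `relay_probe.py` are assumptions.

```python
import smtplib
import sys
from email.message import EmailMessage


def split_server(server, default_port=25):
    """Split the "host:port" form used for the server setting in the thread."""
    host, sep, port = server.rpartition(":")
    return (host, int(port)) if sep else (server, default_port)


def probe_relay(server, sender, recipient, smtp_cls=smtplib.SMTP, timeout=10):
    """Send one test mail with no AUTH and no TLS; report how the relay answered.

    smtp_cls is a hypothetical hook so the probe can be exercised without a network.
    """
    host, port = split_server(server)
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = sender, recipient, "relay test"
    msg.set_content("Sent in plaintext without authentication.")
    report = {"host": host, "port": port, "accepted": False, "refused": {}}
    with smtp_cls(host, port, timeout=timeout) as smtp:
        report["ehlo_code"] = smtp.ehlo()[0]
        # What the relay advertises: a relay with neither extension carries
        # mail (and any search results in it) unencrypted and unauthenticated.
        report["starttls_offered"] = smtp.has_extn("starttls")
        report["auth_offered"] = smtp.has_extn("auth")
        try:
            refused = smtp.send_message(msg)
            report["accepted"] = True
            report["refused"] = {rcpt: code for rcpt, (code, _) in refused.items()}
        except smtplib.SMTPRecipientsRefused as exc:
            # Typical for "relaying denied": every RCPT TO was rejected.
            report["refused"] = {r: c for r, (c, _) in exc.recipients.items()}
        except smtplib.SMTPResponseException as exc:
            # Sender or DATA rejected; keep the server's status code.
            report["error_code"] = exc.smtp_code
    return report


if __name__ == "__main__":
    # Usage: python relay_probe.py <host>:<port> <from address> <to address>
    print(probe_relay(sys.argv[1], sys.argv[2], sys.argv[3]))
```

Running it from the Splunk host itself shows whether the relay accepts mail from that source address, which a successful send from another host does not establish.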
We are now using a Microsoft Teams connector for pushing the notifications. So this is our "solution", although we did not manage to send emails via the relay server by using a Python script.