Splunk Enterprise
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

What could be the issue for not receiving the mail from alert?

Ash1
Communicator
‎09-04-2023 05:17 PM

We have setup one alert which should trigger for every 1 hour

When we run the alert query it is showing up the results but we did not received mail

There is no diff in index and event time

In scheduler logs it is showing status as success but i don't see python logs and alert did not get fired

 

What could be the issue for not receiving the mail from alert.

Labels (1)
Labels
Tags (1)
0 Karma
Reply

thahir
Contributor
‎09-04-2023 07:23 PM

Validate it through the below spl query

 

index=_internal | head 1 | sendemail to="name@my.email.domain" format="html" server=smtp.gmail.com:587 use_tls=1

 

0 Karma
Reply

thahir
Contributor
‎09-04-2023 07:20 PM

Have you Configured the smtp in the search head? 

Settings -> Server settings -> Email settings

0 Karma
Reply

bowesmana
SplunkTrust
SplunkTrust
‎09-04-2023 06:03 PM

If your alert has fired and has sent the email and it was not received, then look for any events in _internal

index=_internal sendemail

Is your Splunk server able to talk to the SMTP host it is trying to send email to - have you configured that server?

 

0 Karma
Reply

Ash1
Communicator
‎09-04-2023 07:04 PM

When i checked with index =_internal sendemail I don't see any logs

The email which we used to trigger alert is fine because every day alert triggers and we receive email this issue is happening suddenly like once in a week we are not receiving email

0 Karma
Reply

bowesmana
SplunkTrust
SplunkTrust
‎09-04-2023 07:48 PM

So you are saying sometimes you get the email and occasionally you do not get it.

Can you see examples of the sendemail in the internal logs for a successful email alert?

Do you have access to the _internal index?

0 Karma
Reply

Ash1
Communicator
‎09-07-2023 05:56 PM

Yes correct

And i saw the send email logs  for other alerts which I can see in internal logs. Looks good

But i don't see send email logs for this alert in internal logs 

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

 Prepare to elevate your security operations with the powerful upgrade to Splunk Enterprise Security 8.x! This ...

Get Early Access to AI Playbook Authoring: Apply for the Alpha Private Preview ...

Passionate about security automation? Apply now to our AI Playbook Authoring Alpha private preview ...

Reduce and Transform Your Firewall Data with Splunk Data Management

Managing high-volume firewall data has always been a challenge. Noisy events and verbose traffic logs often ...