Splunk Search

AuthorizationFailed: [HTTP 403] Client is not authorized to perform requested action;

impurush
Contributor

I am trying to send an email using the makeresults command in a Splunk search, but I am not receiving the email and am getting the error below.

Error:

2020-10-30 12:45:21,129 -0400 ERROR sendemail:1428 - [HTTP 403] Client is not authorized to perform requested action; https://127.0.0.1:8289/servicesNS/admin/cams/search/jobs/subsearch_asfd29470124adsfa319841023e?outpu...
Traceback (most recent call last):
  File "/app/splunk/etc/apps/search/bin/sendemail.py", line 1421, in <module>
    results = sendEmail(results, settings, keywords, argvals)
  File "/app/splunk/etc/apps/search/bin/sendemail.py", line 400, in sendEmail
    jobResponseHeaders, jobResponseBody = simpleRequest(uriToJob, method='GET', getargs={'output_mode':'json'}, sessionKey=sessionKey)
  File "/app/splunk/lib/python2.7/site-packages/splunk/rest/__init__.py", line 559, in simpleRequest
    raise splunk.AuthorizationFailed(extendedMessages=uri)
AuthorizationFailed: [HTTP 403] Client is not authorized to perform requested action; https://127.0.0.1:8289/servicesNS/admin/cams/search/jobs/subsearch_asdfasljfd9147192034ejdlajff?outp...

Query
<My query>
| map search="| makeresults
| eval attribute=\"$value$\"
| table attribute
| sendemail to=\"myemail@id.com\"
content_type=\"html\"
message=\"Test message\""

Any help would be appreciated. Thanks in advance.

0 Karma
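
For triage, the owner, app and search ID that the REST call was refused for can be pulled out of python.log lines like the ones in the question. This is an added example, not part of the thread or of Splunk's own code; the sample lines and sids are constructed, and reading a `subsearch_` sid prefix as "job dispatched from a subsearch such as map" is an assumption based on the sid shown in the log above.

```python
import re
from collections import Counter

# Constructed sample in the format of the python.log lines quoted in the question.
# The sids and the second namespace are made up for illustration.
SAMPLE_LOG = """\
2020-10-30 12:45:21,129 -0400 ERROR sendemail:1428 - [HTTP 403] Client is not authorized to perform requested action; https://127.0.0.1:8289/servicesNS/admin/cams/search/jobs/subsearch_example0001?output_mode=json
Traceback (most recent call last):
  File "/app/splunk/etc/apps/search/bin/sendemail.py", line 1421, in <module>
AuthorizationFailed: [HTTP 403] Client is not authorized to perform requested action; https://127.0.0.1:8289/servicesNS/admin/cams/search/jobs/subsearch_example0001?output_mode=json
2020-10-30 12:46:02,511 -0400 INFO sendemail:0 - constructed non-error line
2020-10-30 12:47:10,004 -0400 ERROR sendemail:1428 - [HTTP 403] Client is not authorized to perform requested action; https://127.0.0.1:8289/servicesNS/nobody/search/search/jobs/example0002?output_mode=json
"""

# Match only the timestamped ERROR line, so the copy of the message that ends
# the traceback ("AuthorizationFailed: ...") is not counted a second time.
ERROR_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3} [+-]\d{4}) ERROR sendemail:\d+ - "
    r"\[HTTP 403\].*?/servicesNS/(?P<owner>[^/]+)/(?P<app>[^/]+)/search/jobs/(?P<sid>[^?\s]+)"
)


def parse_denied_jobs(log_text):
    """Return one dict per sendemail 403: timestamp, owner, app, sid, from_subsearch."""
    hits = []
    for line in log_text.splitlines():
        m = ERROR_RE.match(line)
        if m:
            hit = m.groupdict()
            # Assumption: a sid starting with "subsearch_" belongs to a subsearch job.
            hit["from_subsearch"] = hit["sid"].startswith("subsearch_")
            hits.append(hit)
    return hits


def summarize(hits):
    """Count denials per (owner, app, from_subsearch) so repeat offenders stand out."""
    return Counter((h["owner"], h["app"], h["from_subsearch"]) for h in hits)


if __name__ == "__main__":
    for (owner, app, sub), n in summarize(parse_denied_jobs(SAMPLE_LOG)).items():
        print(f"{n} denied: owner={owner} app={app} subsearch_sid={sub}")
```
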

impurush
Contributor

I have found the workaround solution, thanks to @ayush1906 for pointing out the right one.
I am attaching the link below for the solution and marking it as the right solution to close this thread.


https://community.splunk.com/t5/Alerting/Send-same-email-alert-to-different-email-ids-based-on-a/m-p...

 


0 Karma

impurush
Contributor

Looks like this is a known issue SPL-169625 which will be fixed in a later version.
I will close this thread if I get any workaround solution.
Please let me know if you have come across this issue and a workaround.

0 Karma

impurush
Contributor

Additionally, I tried creating a new user and assigning all the capabilities.
Then I tried to run the query or search as that user, but I still got the same issue.

0 Karma

richgalloway
SplunkTrust

Depending on which version of Splunk you're using, you may need the admin_all_objects capability to use the sendemail command.

---
If this reply helps you, Karma would be appreciated.

impurush
Contributor

Hi @richgalloway 

I am currently using Splunk Enterprise 8.0.1 and I log in as an admin user.
I have verified that the capability is assigned to this role, but it still does not work.
However, the sendemail command works when I use it directly, as below:

<my query>
| sendemail <details>

But I am getting the error in the Python log when I use it with the makeresults command, as I mentioned in the initial question.

0 Karma