From scheduler.log:
03-15-2018 10:53:02.185 +0000 INFO SavedSplunker - savedsearch_id="nobody;search;Multiple Failed logon attempts alert", search_type="scheduled", user="admin", app="search", savedsearch_name="Multiple Failed logon attempts alert", priority=default, status=success, digest_mode=1, scheduled_time=1521110880, window_time=0, dispatch_time=1521110880, run_time=0.203, result_count=2, alert_actions="email", sid="scheduler_adminsearch_RMD5cf1e87219f408a1a_at_1521110880_14", suppressed=0, thread_id="AlertNotifierWorker-1"
splunkd.log:
03-15-2018 10:53:01.642 +0000 WARN ScriptRunner - Killing script, probably timed out, grace=5sec, script="C:\Program Files\Splunk\bin\PYTHON.EXE C:\Program Files\Splunk\etc\apps\search\bin\sendemail.py "results_link=http://SOUTH-SEC-01:8000/app/search/@go?sid=scheduler__admin__search__RMD5cf1e87219f408a1a_at_1521110880_14" "ssname=Multiple Failed logon attempts alert" "graceful=True" "trigger_time=1521110881" results_file="C:\Program Files\Splunk\var\run\splunk\dispatch\scheduler_adminsearch_RMD5cf1e87219f408a1a_at_1521110880_14\results.csv.gz""
03-15-2018 10:53:02.185 +0000 ERROR script - sid:scheduler_adminsearch_RMD5cf1e87219f408a1a_at_1521110880_14 Script execution failed for external search command 'sendemail'
... View more
