Yep, the IP 100.200.300.400 is just a fake IP I gave as an example.
I'm running Splunk on a Linux instance, and have left the mail server blank.
Do I need to configure anything on Splunk to enable sending mail, or would it be enabled by default?
Apologies if the questions seem rather noobish, but I've inherited a Splunk setup without prior knowledge.
Running the command index=_internal sendmail you gave showed no errors.
However, I'm not sure how to decipher the logs:
07-31-2018 09:37:34.928 +0800 INFO StreamedSearch - Streamed search search starting: search_id=remote_server_1533001054.153589, server=SearchHead, active_searches=2, search='litsearch ( index=_internal sendmail ) | fields keepcolorder=t "*" "_bkt" "_cd" "_si" "host" "index" "linecount" "source" "sourcetype" "splunk_server" | remotetl nb=300 et=1532912400.000000 lt=1533001054.000000 remove=true max_count=1000 max_prefetch=100', remote_ttl=600, apiStartTime='Mon Jul 30 09:00:00 2018', apiEndTime='Tue Jul 31 09:37:34 2018', savedsearch_name=""
By the way, is it possible to use sendemail without SMTP?
Like, can I point the mailhost to the Splunk indexer?