In the Readme.md in the app, there is the debug search command:
index=_internal sourcetype=splunkd sendmodalert action=sendxlsresults_alert STDERR | eval logmsg=substr(_raw,89)
| append [search index=_internal source="/opt/splunk/var/log/splunk/sendxlsresults.log" | eval logmsg=_raw]
| table _time,logmsg | reverse
Then, just check the message in the results.
After I deleted the Chinese characters in the previous step, my error message showed me the following information:
It's obvious that I had an error in the connection to the mail server, but I can send alerts via the Splunk Email sender. Maybe I will spend some time on it.