index=cisco_asa src_ip!=10.* src_ip!=172.* src_ip!=192.* action=allowed | stats count by src_ip,dest_ip,dest_port | head 10 | sendemail to="splunk.mtlk@gmail.com" content_type=html subject=myresults sendresults=true inline=true sendpdf=true server="smtp.gmail.com:587" use_tls=true
I'm executing this query but getting error command="sendemail", (535, '5.7.3 Authentication unsuccessful') while sending mail to: splunk.mtlk@gmail.com
Under Server --> Email configuration: (local\alert_actions.conf)
[email]
auth_password = ******
auth_username = splunk.mtlk@gmail.com
mailserver = smtp.gmail.com:587
pdf.header_left = none
pdf.header_right = pagination
use_ssl = 0
use_tls = 1
from = Splunk Administrator
sslVersions = *
options tried: "ssl3", "tls1.0", "tls1.1", and "tls1.2".
* The special version "*" selects all supported versions. The version "tls"
selects all versions tls1.0 or newer.
Reference: https://docs.splunk.com/Documentation/Splunk/7.3.1/Admin/Alertactionsconf
But SPL works when I execute
index=cisco_asa src_ip!=10.* src_ip!=172.* src_ip!=192.* action=allowed | stats count by src_ip,dest_ip,dest_port | head 10 | sendemail to="splunk.mtlk@gmail.com" content_type=html subject=myresults sendresults=true inline=true sendpdf=true server="smtp.gmail.com:25"
Under Server --> Email configuration: (local\alert_actions.conf)
[email]
auth_password = ******
auth_username = splunk.mtlk@gmail.com
mailserver = smtp.gmail.com
pdf.header_left = none
pdf.header_right = pagination
use_ssl = 0
use_tls = 1
But in both email configuration type; the scheduled alert is not working and don't get mails whereas the report is available to download in the Searches, reports, and alerts.
Note: I'm replacing company domain with gmail. I'm using "sendmail" to test alert.manually
... View more