I know this is a commonly asked question due to it's complexity, but I cannot figure out how to get emails to send via Splunk alert. I created a simple search to find a specific string and created an alert with the following: App: Search Permissions: Private. Owned by admin. Alert Type: Real-Time Trigger Condition: Per-Result Actions: Send email / Add to Triggered Alerts I see it being triggered, but it never sends the email. I've tried sending it to two different email addresses. One to my work email, and another to my phone as a text (phoneNumber@mms.att.net) and neither of them work. The trigger appears in the list though. I have tried multiple mail hosts in the configuration, but the current one is the default that appeared when I opened it: smtp-mail.outlook.com:587 Email security: I have tried all three options No user/pass currently configured Allowed Domains: mms.att.net Send Emails As: SplunkAlert@test.edu I've been sifting through the Splunk documentation for hours now and can't seem to get it right. Any ideas? Thanks ... View more

Hey all, Learning Splunk and I've tried to install a few apps to see how they work but none of them seem to be working. Currently running Splunk Enterprise 8.2.4 installed on Server 2019 and I've tried to install "RWI - Executive Dashboard" as well as "Splunk Dashboard Examples" When I open the "Examples" page of the latter, it is a completely blank white page. But the other three pages seem to work (Overview, Dashboards, Search). As for the RWI Dasshboard, if I click the "Continue to app setup page", it also takes me to a blank white screen where I can't do anything. I have tried Internet Explorer as well as Chrome for my browser and updated the server. Is there something simple I am missing to make apps work properly? Thanks! ... View more

Hello all, I'm am new to Splunk and installed the free Enterprise version to start learning to expand my skill set. I am able to install Splunk locally and monitor files on the computer it is installed on. However I am now wanting to try to monitor a remote computer. I have set up a test VM and was going to install the Universal Forwarder when it asked me for my Receiving Indexer. Obviously I cannot input the 127.0.0.1 for the IP, so I tried changing the IP where the Splunk server is running. Per the Splunk documentation, I changed the mgmtHostPort line in the web.conf from 127.0.0.1:8089 to 10.xx.xx.xx:8089. I also added the SPLUNK_BINDIP=10.xx.xx.xx to the splunk-launch.conf file. After doing this, I tried to restart Splunk and it timed out due with a entry in the log, "Could not bind to ip 10.xx.xx.xx port 8089". Ok - so I reverted all my changes to their default configuration and now when I try to log into Splunk, I get "500 Internal Server Error". Everything is as it was when it was first installed and I could log in, and I've also tried 3-4 times restarting the Splunk service on my PC. This is a Windows installation p.s. Any ideas? This happened last week and the only thing I could do to fix it was uninstall and reinstall Splunk. Is that the only fix for when Splunk acts up? Thanks! ... View more