Yes. I tried using -
index=main | head 5 | sendemail to=xxxx server=xxxx subject="Here is an email notification" message="This is an example message" sendresults=true inline=true format=raw sendpdf=true
this throws error-
command="sendemail", (553, 'Invalid sender', 'splunk@searchheadservername') while sending mail to: xxx@xxx.xxx
But when I explicitly say from it sends email fine -
index=main | head 5 | sendemail to=xxxx server=xxxx from=yyyy subject="Here is an email notification" message="This is an example message" sendresults=true inline=true format=raw sendpdf=true
I did restart Splunk few times, after setting up the right "from" and email server values. I have to try btool yet.
... View more