- Find Answers
- :
- Using Splunk
- :
- Other Using Splunk
- :
- Alerting
- :
- Why is this alert not sending emails?
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Why is this alert not sending emails?
Hello,
I am new in Splunk and apologize if this problem was somewhere solved, and for my english too.
The problem is that alert triggers normally, but don't send email
The error message in logs
"12-04-2020 10:23:44.791 +0300 WARN Pathname - Pathname 'C:\Program Files\Splunk\bin\Python3.exe C:\Program Files\Splunk\etc\apps\search\bin\sendemail.py "results_link=http://***:8000/app/search/@go?sid=rt_scheduler__admin__search__RMD59adeaae1a7c6404f_at_1607065450_42.22" "ssname=Authentification failure" "graceful=True" "trigger_time=1607066624" results_file="C:\Program Files\Splunk\var\run\splunk\dispatch\rt_scheduler__admin__search__RMD59adeaae1a7c6404f_at_1607065450_42.22\results.csv.gz" "is_stream_malert=False"' larger than MAX_PATH, callers: call_sites=[0xca9a9d, 0xcab8c1, 0x14e61c2, 0x14e2f4d, 0x13677b3, 0x12f9276, 0x6b69d5, 0x6b5ffe, 0x6a4532, 0xa6142f, 0xd1ae0e]
12-04-2020 10:24:11.364 +0300 ERROR ScriptRunner - stderr from 'C:\Program Files\Splunk\bin\Python3.exe C:\Program Files\Splunk\etc\apps\search\bin\sendemail.py "results_link=http://***:8000/app/search/@go?sid=rt_scheduler__admin__search__RMD59adeaae1a7c6404f_at_1607065450_42.22" "ssname=Authentification failure" "graceful=True" "trigger_time=1607066624" results_file="C:\Program Files\Splunk\var\run\splunk\dispatch\rt_scheduler__admin__search__RMD59adeaae1a7c6404f_at_1607065450_42.22\results.csv.gz" "is_stream_malert=False"': ERROR:root:[WinError 10060] A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond while sending mail to: ***@***.ru"
alert_actions.conf:
[email]
auth_password = ***
auth_username = ***@gmail.com
pdf.header_left = none
pdf.header_right = none
use_tls = 1
mailserver = smtp.gmail.com:587
I've tried to use ssl as tls, tried to use different ports (587 and 465)
In gmail settings I have enabled IMAP access and allowed to use secure apps.
So you have any idea what the problem could be?
Thank you
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
uuuuup
still actual
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
up
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
up
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Update:
I'm using proxy, may it be the problem?
When I've configured telegram notification I did note in server.conf
[proxyConfig]
http_proxy=***:8080
and it works, email still not
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi ,
I am also getting same error in Splunkd.log . email report is not working.
tried to change the App permission and sharing - no luck
Tried editing the report -no luck
But when i clone the report with Another user who has admin privilege's , the new report is sending mail perfectly . I don't understand what got changed when cloning the report .
so this related to any Bug in splunk ?
I am using splunk 8.2.2.1 enterprise
Appreciate you comments
Enterprise Security Content Update (ESCU) | New Releases
Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?
Index This | What are the 12 Days of Splunk-mas?
