Reporting
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

After migrating Splunk 6.3.2 from Red Hat 5 to Red Hat 6, why am I getting "connection refused" errors trying to send an email?

ezajac
Path Finder
‎02-25-2016 06:20 AM

I am setting up Splunk 6.3.2 to run on a new Red Hat 6 server and migrated from a Red Hat 5 server. I installed Splunk using the 6.3.2 rpm and Splunk works fine. I tar'd the contents of /etc on the old RH5 server and untar'd them on the new RH6 server. I have done this in the past with no issues (RH5 to RH5). Email is the only thing not working, and in the ~splunk_home/var/log/python.log I see a bunch of Connection Errors when trying to send email. What did I do wrong here when converting?

16-02-25 09:09:13,810 -0500 ERROR     sendemail:378 - [Errno 111] Connection refused while sending mail to: userid@domain.com
2016-02-25 09:10:46,042 -0500 INFO      sendemail:985 - sendemail pdfService = pdfgen
2016-02-25 09:10:46,043 -0500 INFO      sendemail:1117 - sendemail:mail effectiveTime=1456409400
2016-02-25 09:10:47,330 -0500 INFO      sendemail:1137 - Generated PDF for email
2016-02-25 09:10:47,407 -0500 ERROR     sendemail:115 - Sending email. subject="Splunk Alert: Distributed_Alert_MI_(Disk Percent Free)", results_link="http://tlpsplu1:8000/app/search/@go?sid=scheduler__userid__search__RMD5ac90a8a41fbc3d92_at_1456409400_33993", recipients="[u'userid@domain.com']", server="tlpsplu1.domain.net"
2016-02-25 09:10:47,407 -0500 ERROR     sendemail:378 - [Errno 111] Connection refused while sending mail to: userid@domain.com
2016-02-25 09:11:15,807 -0500 INFO      sendemail:985 - sendemail pdfService = pdfgen
2016-02-25 09:11:15,808 -0500 INFO      sendemail:1117 - sendemail:mail effectiveTime=1456409460
2016-02-25 09:11:17,099 -0500 INFO      sendemail:1137 - Generated PDF for email
2016-02-25 09:11:17,214 -0500 ERROR     sendemail:115 - Sending email. subject="Splunk Alert: Distributed_Alert_MI_(Disk Percent Free)", results_link="http://tlpsplu1:8000/app/search/@go?sid=scheduler__userid__search__RMD5ac90a8a41fbc3d92_at_1456409460_34020", recipients="[u'userid@domain.com']", server="tlpsplu1.domain.net"
0 Karma
Reply

hemendralodhi
Contributor
‎03-06-2016 05:16 PM

As stated above, you need to check the connectivity from new server to your mail server possibly on port 25.Check the email setting in old server. Try to run the mail command manually from search and see if it is working.

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎02-25-2016 06:54 AM

Perhaps a firewall is blocking connections from the RH6 server to the email server. Or the email server doesn't recognize the RH6 server and is refusing connections from it.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

How to Monitor Google Kubernetes Engine (GKE)

We’ve looked at how to integrate Kubernetes environments with Splunk Observability Cloud, but what about ...

Index This | How can you make 45 using only 4?

October 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...

Splunk Education Goes to Washington | Splunk GovSummit 2024

If you’re in the Washington, D.C. area, this is your opportunity to take your career and Splunk skills to the ...