Sending Email using sendemail works, but not from scheduled search

fbustamantes
Explorer

Hello,

I'm trying to configure a Splunk server to send alerts via email. However, I can't seem to make it work correctly.

The funny thing is that if I try a splunk search from the GUI with the "sendemail" command, it works fine and I get the email, but if I try to schedule the same search, emails don't arrive.

I have checked all the logs, and everything seems to be ok, I don't see any errors or whatever.

Has anyone faced something like this? What else can I troubleshoot to see where the problem is?

Thanks in advance for your help.

Best regards

ben363
Path Finder

I have the opposite problem. Works from scheduled search, not from the script.

By adding debug to sendemail.py I can confirm that when running from sendemail, it doesn't pick up the config that was set using the GUI. When running from scheduled search, it does.

Strangely, I have two saved searches - one uses a value for action.email.mailserver from users/ben363/search/local/savedsearches.conf. The other saved search (same file) doesn't have that value - it uses the value from system/local/alert_actions.conf

0 Karma

flle
Path Finder

I also have the same issue. Would be nice to know if this is a bug or works as designed?
Maybe it would interfere with the scheduled search/alert mailing functionality? Functionality is almost identical; however, in the scheduled search mail alerting, one cannot set the mail sender (from). This is always the globally defined mail sender. So a working sendemail command in scheduled searches would be helpful.

0 Karma

Navanitha
Path Finder

Hi,
I am facing the same problem. Sendmail command is not working with scheduled reports. I do not have "username" anywhere in my search. Can you tell how this was resolved at your end?

Thanks.

0 Karma

supersleepwalke
Communicator

I had this problem when the following string was somewhere in my search:

username=

The sendemail.py script was not properly escaping the search string, and that part of my search was actually changing the username field within sendemail.py, causing it to try authenticating to the SMTP server. (You can see the authentication errors in /opt/splunk/var/log/splunk/python.log.) I was able to fix it by using something other than username in my search.
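
A troubleshooting check that follows from the cause described in the reply above, as an added example (not code from this thread or from Splunk): it lists saved searches that pipe to sendemail and also contain the string username= outside the sendemail command. The savedsearches.conf content, stanza names and function names are constructed for illustration, and the parsing is simplified (no line continuations, no handling of pipes inside quoted strings).

```python
import re

# Constructed sample in savedsearches.conf style; stanzas and searches are made up.
SAMPLE_CONF = """\
[failed logins mail]
search = index=auth action=failure username=* | stats count by username | sendemail to="soc@example.com"
cron_schedule = */15 * * * *

[disk report mail]
search = index=os sourcetype=df | stats max(pct) by host | sendemail to="ops@example.com"
cron_schedule = 0 6 * * *

[login dashboard]
search = index=auth username=alice | stats count
"""

def read_searches(conf_text):
    """Return {stanza name: search string} from savedsearches.conf-style text."""
    searches, stanza = {}, None
    for line in conf_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            stanza = line[1:-1]
        elif stanza and re.match(r"search\s*=", line):
            # Split on the first "=" only: the search itself is full of "=".
            searches[stanza] = line.split("=", 1)[1].strip()
    return searches

def risky_searches(conf_text):
    """List (stanza, segment) where a search that uses sendemail also carries
    the literal string "username=" in a segment other than sendemail itself."""
    flagged = []
    for name, search in read_searches(conf_text).items():
        segments = [s.strip() for s in search.split("|")]
        is_mail = [s.split(None, 1)[:1] == ["sendemail"] for s in segments]
        if not any(is_mail):
            continue  # no sendemail in the pipeline, nothing to collide with
        for segment, mail in zip(segments, is_mail):
            if not mail and "username=" in segment:
                flagged.append((name, segment))
    return flagged

if __name__ == "__main__":
    for stanza, segment in risky_searches(SAMPLE_CONF):
        print(f"[{stanza}] contains username= before sendemail: {segment}")
```

Point it at the text of a real savedsearches.conf to find candidates, then confirm against the authentication errors in python.log mentioned above.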