Splunk Enterprise
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Unable to send email using 'sendemail' command

jaredloo
New Member
‎01-21-2019 01:03 AM

I'm trying to use the Splunk CLI to send out an email using the following search:

/opt/splunk/bin/splunk search "host=192.168.0.173 source="/var/log/secure" for * from * earliest=-59m latest=now | sendemail to="jared99@gmail.com" format="html" server=smtp.gmail.com:587 use_tls=1"

I have tested the first part of the command (before the '|' pipe) and it definitely works. However, it seems like no email is actually being sent.

Upon inspecting /opt/splunk/var/log/splunk/python.log, I see the following error:

2019-01-21 16:55:37,975 +0800 ERROR     sendemail:1341 - 'action.email.sendresults'

Inspecting /opt/splunk/etc/apps/search/bin/sendemail.py only reveals that the region around line number 1341 contains the following code:

 1326  def getAlertActions(sessionKey):
  1327      settings = None
  1328      try:
  1329          settings = entity.getEntity('/configs/conf-alert_actions', 'email', sessionKey=sessionKey)
  1330
  1331          logger.debug("sendemail.getAlertActions conf file settings %s" % settings)
  1332      except Exception as e:
  1333          logger.error("Could not access or parse email stanza of alert_actions.conf. Error=%s" % str(e))
  1334
  1335      return settings
  1336
  1337  results, dummyresults, settings = splunk.Intersplunk.getOrganizedResults()
  1338  try:
  1339      results = sendEmail(results, settings)
  1340  except Exception, e:
  1341      logger.error(e)
  1342  splunk.Intersplunk.outputResults(results)

Would appreciate if anyone could shed some light on how to get this working. Many thanks in advance!

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎01-21-2019 06:45 AM

You should find more details in splunkd.log and in the search log (via Job Inspector).

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

Prove Your Splunk Prowess at .conf25—No Prereqs Required!

Your Next Big Security Credential: No Prerequisites Needed We know you’ve got the skills, and now, earning the ...

Splunk Observability Cloud's AI Assistant in Action Series: Observability as Code

This is the sixth post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how to ...

Splunk Answers Content Calendar, July Edition I

Hello Community! Welcome to another month of Community Content Calendar series! For the month of July, we will ...