Alerting
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Need help with configuration for email alert

bella
Loves-to-Learn Lots
‎03-17-2022 11:21 PM

I need some help to check configure send email, and I still have not received the email alert in my mailbox. The alert is already triggered as I can see that in the "triggered alerts" section.
when i configure like this,and saved.

bella_0-1647584192949.png

then i open again, username,passward is gone,

bella_1-1647584273553.png

 

Labels (3)
0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎03-18-2022 01:03 AM

Hi @bella,

I suppose that you already checked that the route between your Search Head and eMail, if not, make it.

Anyway, I cannot completely understand your screenshot because I see Japanese chars, anyway, the first step is to check the eMail parameters: 

  • url,
  • port,
  • TLS,
  • user needed or not,
  • eventually user and password.

Then check if the message and the attachment is big.

At least, you can see the Splunk logs in %SPLUNK_HOME/var/log/splunk/splunkd.log or in _internal index, searching mail errors.

Ciao.

Giuseppe

0 Karma
Reply

bella
Loves-to-Learn Lots
‎03-18-2022 01:09 AM

i can see some error ,like this:

bella_0-1647590953911.png

 

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎03-18-2022 01:17 AM

Hi @bella,

the message says that there's an error in sendmail.

What about the other checks?

Ciao.

Giuseppe

0 Karma
Reply

bella
Loves-to-Learn Lots
‎03-18-2022 02:02 AM

i find the configuration,like this:

bella_0-1647594133726.png

 

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎03-18-2022 02:04 AM

Hi @bella,

did you checked these parameters are the correct ones for your eMail system?

what about routes? usually this is the first problem.

Ciao.

Giuseppe

0 Karma
Reply

bella
Loves-to-Learn Lots
‎03-18-2022 03:42 AM

Hi,

I've tested it. The SMTP account is OK. Now I'm a little confused

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎03-18-2022 04:16 AM

hi @bella,

did you tried the connection (using telnet) from the Splunk server to the eMail server on the used port?

Ciao.

Giuseppe

0 Karma
Reply

bella
Loves-to-Learn Lots
‎03-21-2022 12:00 AM

Hi,@gcusello

I changed the version of splunk from 8.0.6 to 8.2.5, before i test in  version 8.0.6,they all fail, when i test in  version 8.2.5,it is success.

thank you !

bella

Tags (1)
0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎03-21-2022 12:47 AM

Hi @bella,

good for you, please accept one answer for the other people of Community, see next time!

Ciao and happy splunking

Giuseppe

P.S.: Karma Points are appreciated 😉

0 Karma
Reply

bella
Loves-to-Learn Lots
‎03-18-2022 01:38 AM

Hi,@gcusello,
I test many times:
smtp.qiye.aliyun:25
null
username:null
password:null

OR

smtp.qiye.aliyun:465
SSL
username:xxxxx@vskysoft.com
password:xxxyyyy
password confirm:xxxyyyy

they all false.
when i configure username,password, saved. then i open again, username,password all gone.
like i first screenshot; I really don't understand why I can't save my configuration. where i can see my configuration in config?

0 Karma
Reply
Get Updates on the Splunk Community!

Database Performance Sidebar Panel Now on APM Database Query Performance & Service ...

We’ve streamlined the troubleshooting experience for database-related service issues by adding a database ...

IM Landing Page Filter - Now Available

We’ve added the capability for you to filter across the summary details on the main Infrastructure Monitoring ...

Dynamic Links from Alerts to IM Navigators - New in Observability Cloud

Splunk continues to improve the troubleshooting experience in Observability Cloud with this latest enhancement ...