Splunk sendemail fails [Errno 99] with mailserver smtp.gmail.com
From /opt/splunk/var/log/splunk/python.log:
2018-11-12 14:29:08,776 +0000 ERROR sendemail:137 - Sending email. subject="Splunk Alert: Errors in develop", results_link="https://localhost:8000/app/search/@go?sid=rt_scheduler__admin__search__RMD58e26482826eced90_at_1542024571_26.426", recipients="[u'my_email@gmail.com']", server="localhost"
2018-11-12 14:29:08,776 +0000 ERROR sendemail:458 - [Errno 99] Cannot assign requested address while sending mail to: my_email@gmail.com
My /opt/splunk/etc/system/local/alert_actions.conf:
[email]
auth_password = XXX
auth_username = my_email@gmail.com
hostname = localhost
mailserver = smtp.gmail.com:465
pdf.header_left = none
pdf.header_right = none
use_ssl = 1
I also tried smtp.gmail.com:587 with use_ssl = 0 use_tls = 1, got same error in both cases.
However, when trying to send mail directly from search, it works as expected:
... | sendemail to="my_email@gmail.com" format=raw sendresults=1 footer="Sent from Splunk." from="SplunkAlerts" subject="Splunk Alert" message="The following Splunk Alert has been fired:"
what configuration am I missing? errno 99 is EADDRNOTAVAIL , not clear what is not available, is it the server="localhost" in the error log? where should I set it?
smtp splunk mail-server
asked Nov 12 '18 at 15:04
MugenMugen
1,76022045
add a comment |
From /opt/splunk/var/log/splunk/python.log:
2018-11-12 14:29:08,776 +0000 ERROR sendemail:137 - Sending email. subject="Splunk Alert: Errors in develop", results_link="https://localhost:8000/app/search/@go?sid=rt_scheduler__admin__search__RMD58e26482826eced90_at_1542024571_26.426", recipients="[u'my_email@gmail.com']", server="localhost"
2018-11-12 14:29:08,776 +0000 ERROR sendemail:458 - [Errno 99] Cannot assign requested address while sending mail to: my_email@gmail.com
My /opt/splunk/etc/system/local/alert_actions.conf:
[email]
auth_password = XXX
auth_username = my_email@gmail.com
hostname = localhost
mailserver = smtp.gmail.com:465
pdf.header_left = none
pdf.header_right = none
use_ssl = 1
I also tried smtp.gmail.com:587 with use_ssl = 0 use_tls = 1, got same error in both cases.
However, when trying to send mail directly from search, it works as expected:
... | sendemail to="my_email@gmail.com" format=raw sendresults=1 footer="Sent from Splunk." from="SplunkAlerts" subject="Splunk Alert" message="The following Splunk Alert has been fired:"
what configuration am I missing? errno 99 is EADDRNOTAVAIL , not clear what is not available, is it the server="localhost" in the error log? where should I set it?
smtp splunk mail-server
asked Nov 12 '18 at 15:04
MugenMugen
1,76022045
add a comment |
From /opt/splunk/var/log/splunk/python.log:
2018-11-12 14:29:08,776 +0000 ERROR sendemail:137 - Sending email. subject="Splunk Alert: Errors in develop", results_link="https://localhost:8000/app/search/@go?sid=rt_scheduler__admin__search__RMD58e26482826eced90_at_1542024571_26.426", recipients="[u'my_email@gmail.com']", server="localhost"
2018-11-12 14:29:08,776 +0000 ERROR sendemail:458 - [Errno 99] Cannot assign requested address while sending mail to: my_email@gmail.com
My /opt/splunk/etc/system/local/alert_actions.conf:
[email]
auth_password = XXX
auth_username = my_email@gmail.com
hostname = localhost
mailserver = smtp.gmail.com:465
pdf.header_left = none
pdf.header_right = none
use_ssl = 1
I also tried smtp.gmail.com:587 with use_ssl = 0 use_tls = 1, got same error in both cases.
However, when trying to send mail directly from search, it works as expected:
... | sendemail to="my_email@gmail.com" format=raw sendresults=1 footer="Sent from Splunk." from="SplunkAlerts" subject="Splunk Alert" message="The following Splunk Alert has been fired:"
what configuration am I missing? errno 99 is EADDRNOTAVAIL , not clear what is not available, is it the server="localhost" in the error log? where should I set it?
smtp splunk mail-server
asked Nov 12 '18 at 15:04
MugenMugen
1,76022045
From /opt/splunk/var/log/splunk/python.log:
2018-11-12 14:29:08,776 +0000 ERROR sendemail:137 - Sending email. subject="Splunk Alert: Errors in develop", results_link="https://localhost:8000/app/search/@go?sid=rt_scheduler__admin__search__RMD58e26482826eced90_at_1542024571_26.426", recipients="[u'my_email@gmail.com']", server="localhost"
2018-11-12 14:29:08,776 +0000 ERROR sendemail:458 - [Errno 99] Cannot assign requested address while sending mail to: my_email@gmail.com
My /opt/splunk/etc/system/local/alert_actions.conf:
[email]
auth_password = XXX
auth_username = my_email@gmail.com
hostname = localhost
mailserver = smtp.gmail.com:465
pdf.header_left = none
pdf.header_right = none
use_ssl = 1
I also tried smtp.gmail.com:587 with use_ssl = 0 use_tls = 1, got same error in both cases.
However, when trying to send mail directly from search, it works as expected:
... | sendemail to="my_email@gmail.com" format=raw sendresults=1 footer="Sent from Splunk." from="SplunkAlerts" subject="Splunk Alert" message="The following Splunk Alert has been fired:"
what configuration am I missing? errno 99 is EADDRNOTAVAIL , not clear what is not available, is it the server="localhost" in the error log? where should I set it?
smtp splunk mail-server
smtp splunk mail-server
asked Nov 12 '18 at 15:04
MugenMugen
1,76022045
asked Nov 12 '18 at 15:04
MugenMugen
1,76022045
edited Nov 12 '18 at 15:30
Mugen
asked Nov 12 '18 at 15:04
MugenMugen
1,76022045
asked Nov 12 '18 at 15:04
MugenMugen
1,76022045
asked Nov 12 '18 at 15:04
MugenMugen
1,76022045
1,76022045
add a comment |
add a comment |
2 Answers
2
active
oldest
votes
In your config, you need to use server=, not mailserver.
https://docs.splunk.com/Documentation/Splunk/7.2.0/SearchReference/Sendemail
Please note that often Gmail will be finicky about trying to send email through it this way, and I tend to avoid it if possible. Do you have a local mail server configured?
answered Nov 12 '18 at 21:15
Simon DuffSimon Duff
1315
the config was generated by splunk web.. anyway when editing it manually and adding alsoserver = smtp.gmail.com:465, its still showinglocalhostin the error log
– Mugen
Nov 13 '18 at 8:17
See the solution posted here, answers.splunk.com/answers/548703/…
– Simon Duff
Nov 14 '18 at 1:50
I don't have any localsavedsearches.conf, nor would I would to define a[savedsearch-name]in config per alert, unless there was some automatic generation
– Mugen
Nov 14 '18 at 8:32
add a comment |
For the meantime I'm using the following script as a workaround:
temp="/tmp/results_$(date -u +%s).csv"
gunzip < $8 > $temp
printf "$1 alarming logs were found by $4n$6" |
SMTP_URL='smtps://my_email%40gmail.com:password@smtp.gmail.com' mutt
-F /dev/null
-e 'set from="Splunk <my_email@gmail.com>"'
-e 'set smtp_url=$SMTP_URL'
-s "Splunk: $4"
-a $temp --
target@gmail.com
rm -rf $temp
at $SPLUNK_HOME/bin/scripts/sendmail.sh
answered Nov 14 '18 at 11:26
MugenMugen
1,76022045
actually a better workaround was to edit the contents of/opt/splunk/etc/apps/search/bin/sendemail.py, not sure what in configuration is not read correctly
– Mugen
Nov 15 '18 at 7:50
add a comment |
Your Answer
StackExchange.ifUsing("editor", function ()
StackExchange.using("externalEditor", function ()
StackExchange.using("snippets", function ()
StackExchange.snippets.init();
);
);
, "code-snippets");
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "1"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53264898%2fsplunk-sendemail-fails-errno-99-with-mailserver-smtp-gmail-com%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
In your config, you need to use server=, not mailserver.
https://docs.splunk.com/Documentation/Splunk/7.2.0/SearchReference/Sendemail
Please note that often Gmail will be finicky about trying to send email through it this way, and I tend to avoid it if possible. Do you have a local mail server configured?
answered Nov 12 '18 at 21:15
Simon DuffSimon Duff
1315
the config was generated by splunk web.. anyway when editing it manually and adding alsoserver = smtp.gmail.com:465, its still showinglocalhostin the error log
– Mugen
Nov 13 '18 at 8:17
See the solution posted here, answers.splunk.com/answers/548703/…
– Simon Duff
Nov 14 '18 at 1:50
I don't have any localsavedsearches.conf, nor would I would to define a[savedsearch-name]in config per alert, unless there was some automatic generation
– Mugen
Nov 14 '18 at 8:32
add a comment |
In your config, you need to use server=, not mailserver.
https://docs.splunk.com/Documentation/Splunk/7.2.0/SearchReference/Sendemail
Please note that often Gmail will be finicky about trying to send email through it this way, and I tend to avoid it if possible. Do you have a local mail server configured?
answered Nov 12 '18 at 21:15
Simon DuffSimon Duff
1315
the config was generated by splunk web.. anyway when editing it manually and adding alsoserver = smtp.gmail.com:465, its still showinglocalhostin the error log
– Mugen
Nov 13 '18 at 8:17
See the solution posted here, answers.splunk.com/answers/548703/…
– Simon Duff
Nov 14 '18 at 1:50
I don't have any localsavedsearches.conf, nor would I would to define a[savedsearch-name]in config per alert, unless there was some automatic generation
– Mugen
Nov 14 '18 at 8:32
add a comment |
In your config, you need to use server=, not mailserver.
https://docs.splunk.com/Documentation/Splunk/7.2.0/SearchReference/Sendemail
Please note that often Gmail will be finicky about trying to send email through it this way, and I tend to avoid it if possible. Do you have a local mail server configured?
answered Nov 12 '18 at 21:15
Simon DuffSimon Duff
1315
In your config, you need to use server=, not mailserver.
https://docs.splunk.com/Documentation/Splunk/7.2.0/SearchReference/Sendemail
Please note that often Gmail will be finicky about trying to send email through it this way, and I tend to avoid it if possible. Do you have a local mail server configured?
answered Nov 12 '18 at 21:15
Simon DuffSimon Duff
1315
edited Nov 12 '18 at 22:39
answered Nov 12 '18 at 21:15
Simon DuffSimon Duff
1315
answered Nov 12 '18 at 21:15
Simon DuffSimon Duff
1315
answered Nov 12 '18 at 21:15
Simon DuffSimon Duff
1315
1315
the config was generated by splunk web.. anyway when editing it manually and adding alsoserver = smtp.gmail.com:465, its still showinglocalhostin the error log
– Mugen
Nov 13 '18 at 8:17
See the solution posted here, answers.splunk.com/answers/548703/…
– Simon Duff
Nov 14 '18 at 1:50
I don't have any localsavedsearches.conf, nor would I would to define a[savedsearch-name]in config per alert, unless there was some automatic generation
– Mugen
Nov 14 '18 at 8:32
add a comment |
the config was generated by splunk web.. anyway when editing it manually and adding alsoserver = smtp.gmail.com:465, its still showinglocalhostin the error log
– Mugen
Nov 13 '18 at 8:17
See the solution posted here, answers.splunk.com/answers/548703/…
– Simon Duff
Nov 14 '18 at 1:50
I don't have any localsavedsearches.conf, nor would I would to define a[savedsearch-name]in config per alert, unless there was some automatic generation
– Mugen
Nov 14 '18 at 8:32
the config was generated by splunk web.. anyway when editing it manually and adding also
server = smtp.gmail.com:465, its still showing localhost in the error log– Mugen
Nov 13 '18 at 8:17
the config was generated by splunk web.. anyway when editing it manually and adding also
server = smtp.gmail.com:465, its still showing localhost in the error log– Mugen
Nov 13 '18 at 8:17
See the solution posted here, answers.splunk.com/answers/548703/…
– Simon Duff
Nov 14 '18 at 1:50
See the solution posted here, answers.splunk.com/answers/548703/…
– Simon Duff
Nov 14 '18 at 1:50
I don't have any local
savedsearches.conf, nor would I would to define a [savedsearch-name] in config per alert, unless there was some automatic generation– Mugen
Nov 14 '18 at 8:32
I don't have any local
savedsearches.conf, nor would I would to define a [savedsearch-name] in config per alert, unless there was some automatic generation– Mugen
Nov 14 '18 at 8:32
add a comment |
For the meantime I'm using the following script as a workaround:
temp="/tmp/results_$(date -u +%s).csv"
gunzip < $8 > $temp
printf "$1 alarming logs were found by $4n$6" |
SMTP_URL='smtps://my_email%40gmail.com:password@smtp.gmail.com' mutt
-F /dev/null
-e 'set from="Splunk <my_email@gmail.com>"'
-e 'set smtp_url=$SMTP_URL'
-s "Splunk: $4"
-a $temp --
target@gmail.com
rm -rf $temp
at $SPLUNK_HOME/bin/scripts/sendmail.sh
answered Nov 14 '18 at 11:26
MugenMugen
1,76022045
actually a better workaround was to edit the contents of/opt/splunk/etc/apps/search/bin/sendemail.py, not sure what in configuration is not read correctly
– Mugen
Nov 15 '18 at 7:50
add a comment |
For the meantime I'm using the following script as a workaround:
temp="/tmp/results_$(date -u +%s).csv"
gunzip < $8 > $temp
printf "$1 alarming logs were found by $4n$6" |
SMTP_URL='smtps://my_email%40gmail.com:password@smtp.gmail.com' mutt
-F /dev/null
-e 'set from="Splunk <my_email@gmail.com>"'
-e 'set smtp_url=$SMTP_URL'
-s "Splunk: $4"
-a $temp --
target@gmail.com
rm -rf $temp
at $SPLUNK_HOME/bin/scripts/sendmail.sh
answered Nov 14 '18 at 11:26
MugenMugen
1,76022045
actually a better workaround was to edit the contents of/opt/splunk/etc/apps/search/bin/sendemail.py, not sure what in configuration is not read correctly
– Mugen
Nov 15 '18 at 7:50
add a comment |
For the meantime I'm using the following script as a workaround:
temp="/tmp/results_$(date -u +%s).csv"
gunzip < $8 > $temp
printf "$1 alarming logs were found by $4n$6" |
SMTP_URL='smtps://my_email%40gmail.com:password@smtp.gmail.com' mutt
-F /dev/null
-e 'set from="Splunk <my_email@gmail.com>"'
-e 'set smtp_url=$SMTP_URL'
-s "Splunk: $4"
-a $temp --
target@gmail.com
rm -rf $temp
at $SPLUNK_HOME/bin/scripts/sendmail.sh
answered Nov 14 '18 at 11:26
MugenMugen
1,76022045
For the meantime I'm using the following script as a workaround:
temp="/tmp/results_$(date -u +%s).csv"
gunzip < $8 > $temp
printf "$1 alarming logs were found by $4n$6" |
SMTP_URL='smtps://my_email%40gmail.com:password@smtp.gmail.com' mutt
-F /dev/null
-e 'set from="Splunk <my_email@gmail.com>"'
-e 'set smtp_url=$SMTP_URL'
-s "Splunk: $4"
-a $temp --
target@gmail.com
rm -rf $temp
at $SPLUNK_HOME/bin/scripts/sendmail.sh
answered Nov 14 '18 at 11:26
MugenMugen
1,76022045
answered Nov 14 '18 at 11:26
MugenMugen
1,76022045
answered Nov 14 '18 at 11:26
MugenMugen
1,76022045
answered Nov 14 '18 at 11:26
MugenMugen
1,76022045
1,76022045
actually a better workaround was to edit the contents of/opt/splunk/etc/apps/search/bin/sendemail.py, not sure what in configuration is not read correctly
– Mugen
Nov 15 '18 at 7:50
add a comment |
actually a better workaround was to edit the contents of/opt/splunk/etc/apps/search/bin/sendemail.py, not sure what in configuration is not read correctly
– Mugen
Nov 15 '18 at 7:50
actually a better workaround was to edit the contents of
/opt/splunk/etc/apps/search/bin/sendemail.py, not sure what in configuration is not read correctly– Mugen
Nov 15 '18 at 7:50
actually a better workaround was to edit the contents of
/opt/splunk/etc/apps/search/bin/sendemail.py, not sure what in configuration is not read correctly– Mugen
Nov 15 '18 at 7:50
add a comment |
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53264898%2fsplunk-sendemail-fails-errno-99-with-mailserver-smtp-gmail-com%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
