The venerable old-skool Splunk forums are now closed. Feel free to search for old content here, but new posts are no longer supported.

Instead, please visit the thriving community at answers.splunk.com to ask and answer questions about your Splunk deployment and how to get the most out of it.

Forums: SplunkAdministration: Sendemail.py - configuring server=

Previous Topic: SPLUNK WITH MULTIPLE LOGS ( online GENERATED)  |   Next Topic: Windows App, strange hosts appearing in list


Posts 1–4 of 4
1
posted by: pstein  |  posts
date: February 4, 2009
permalink

I have looked through the docs and browsed the online sites to no avail. I have Splunk setup on my SuSE Linux 9 SP3 on an IBM x4100. When I setup a LiveSearch and get a match my email never makes it as it gets dumped by our mail servers.
This is what I see in splunkd.log:
....| sendemail "server=localhost" "to=<myname>@<mycompany>.com" "from=splunk@localhost" "subject=SplunkAlert:

I am trying to replace "localhost" with our relay server. I have configured /etc/postfix/main.cf and the relayhost=<relay.<domain>.com - didn't work

I have looked at how sendemail.py calls the "serverURL = argvals.get("server", "localhost")" but nothing is clear there either.

Confused. Can you direct me to where I can set this to ensure Splunk pulls in relay.

Regards,

PStein

2
posted by: araitz  |  posts
date: February 4, 2009
permalink

Paul,

Make a $SPLUNK_HOME/etc/system/local/alert_actions.conf, and put in it:

[email]
mailserver=your_relay_host

-Alex

3
posted by: pstein  |  posts
date: February 5, 2009
permalink

As always, Spot on!

Thank you.

PStein

4
posted by: camilleballi  |  posts
date: March 16, 2009
permalink

Good topic info for me.. How do I get different email alerts for different searches ? I need the subject line to read different as they are going to diff teams to resolve? Thanks, Camille