Hi everyone.
I've been searching other 'answers', but no one has solved my problem.
I have some alerts that, depending on the conditions, send an email with details of the incident. For a few days now, I have not been receiving any email from Splunk.
I forced the alert situation and it did not send any email. The alert also is not appearing in the triggered alerts. When I run the search, the results are shown.
I have already checked the following settings:
1. alert_actions.conf
2. a query 'index=_internal source=*scheduler.log'
I forced the sending of an email by the search:
index=_internal | head 1 | sendemail to="name@my.email.domain" format="html" server=smtp.gmail.com:587 use_tls=1
and it sends the email.
Does anyone have other tips to investigate?
Thanks so much.