We experienced an issue with having Splunk send mails via our enterprise mailserver. Due to the number of emails being sent within a short amount of time, the mailserver rejected a handful of the emails. While Splunk logged these failures in `python.log`, that's not of any help to our teams that depend on the emails.
Is there a way to have Splunk add the emails it needs to send to a queue of sorts? That way, if it detects the message couldn't be sent for some reason, it'll retry. We know that installing a mailserver on the Splunk server itself works but isn't the most secure idea. We've also looked at using a third-party service (like SES), but were curious if there's a feature that we glossed over.