Recently the server team changed the mail host our splunk cluster used, I have put the new value in all the search heads (System Settings, Mail Host).
However looking at the python log, I am seeing that some alerts and reports are still using the old mail host, and thus getting a 550 Relay error.
Also, the scheduled reports that do successfully send, often send duplicates / triplicates.
So, questions.
Do all the search heads need a mail host? Is this why I am multiples are being sent out?
Why are some alerts/reports still using the old host?
Thanks
↧