https://community.splunk.com/t5/Splunk-Search/Configure-URL-in-saved-search-results/m-p/101636#M26259 <P>I solved this problem in my Apache SSO setup - Splunk e-mail alerts contained <A href="http://hostname:8000/app/" rel="nofollow">http://hostname:8000/app/</A> rather than <A href="https://hostname/app/" rel="nofollow">https://hostname/app/</A>. I was unable to convince Splunk to change its URL, but I was successful in configuring Apache to redirect the broken URLs to the correct location.</P> <P>First I configured Splunk to listen only on the loopback address in /usr/local/splunk/etc/system/local/web.conf:</P> <PRE><CODE>server.socket_host = 127.0.0.1 </CODE></PRE> <P>Then I added a VirtualHost to Apache listening on the public IP, port 8000 to redirect to the correct URL. In RHEL/CENTOS' /etc/httpd/conf.d/vhost-splunk-redirect.conf:</P> <PRE><CODE>Listen 192.168.0.1:8000 NameVirtualHost 192.168.0.1:8000 &lt;VirtualHost 192.168.0.1:8000&gt; RewriteEngine On RewriteRule .* <A href="https://hostname.com%{REQUEST_URI}" target="test_blank">https://hostname.com%{REQUEST_URI}</A> [R,L] &lt;/VirtualHost&gt; </CODE></PRE> <P>With this configuration Splunk alert URLs redirect to their equivalent, functional SSO/SSL URLs.</P> Wed, 23 Mar 2011 01:27:22 GMT njdove 2011-03-23T01:27:22Z https://community.splunk.com/t5/Splunk-Search/Configure-URL-in-saved-search-results/m-p/101634#M26257 <P>I have SSO working with apache responding to a "splunk" cname. But when splunk emails search results the URL is <A href="https://hostname:port/" rel="nofollow">https://hostname:port/</A>... How can I configure splunk to just use a "https://splunk" url so connections will pass through apache?</P> Thu, 09 Dec 2010 03:30:47 GMT https://community.splunk.com/t5/Splunk-Search/Configure-URL-in-saved-search-results/m-p/101634#M26257 dmesler 2010-12-09T03:30:47Z https://community.splunk.com/t5/Splunk-Search/Configure-URL-in-saved-search-results/m-p/101635#M26258 <P>In <A href="http://www.splunk.com/base/Documentation/4.1.6/Admin/Alertactionsconf" rel="nofollow">alert_actions.conf</A>:</P> <PRE><CODE>hostname=splunk.yourdomain.com </CODE></PRE> Thu, 09 Dec 2010 05:27:06 GMT https://community.splunk.com/t5/Splunk-Search/Configure-URL-in-saved-search-results/m-p/101635#M26258 southeringtonp 2010-12-09T05:27:06Z https://community.splunk.com/t5/Splunk-Search/Configure-URL-in-saved-search-results/m-p/101636#M26259 <P>I solved this problem in my Apache SSO setup - Splunk e-mail alerts contained <A href="http://hostname:8000/app/" rel="nofollow">http://hostname:8000/app/</A> rather than <A href="https://hostname/app/" rel="nofollow">https://hostname/app/</A>. I was unable to convince Splunk to change its URL, but I was successful in configuring Apache to redirect the broken URLs to the correct location.</P> <P>First I configured Splunk to listen only on the loopback address in /usr/local/splunk/etc/system/local/web.conf:</P> <PRE><CODE>server.socket_host = 127.0.0.1 </CODE></PRE> <P>Then I added a VirtualHost to Apache listening on the public IP, port 8000 to redirect to the correct URL. In RHEL/CENTOS' /etc/httpd/conf.d/vhost-splunk-redirect.conf:</P> <PRE><CODE>Listen 192.168.0.1:8000 NameVirtualHost 192.168.0.1:8000 &lt;VirtualHost 192.168.0.1:8000&gt; RewriteEngine On RewriteRule .* <A href="https://hostname.com%{REQUEST_URI}" target="test_blank">https://hostname.com%{REQUEST_URI}</A> [R,L] &lt;/VirtualHost&gt; </CODE></PRE> <P>With this configuration Splunk alert URLs redirect to their equivalent, functional SSO/SSL URLs.</P> Wed, 23 Mar 2011 01:27:22 GMT https://community.splunk.com/t5/Splunk-Search/Configure-URL-in-saved-search-results/m-p/101636#M26259 njdove 2011-03-23T01:27:22Z