Alerting
Highlighted

Email Alerts behind proxy not sending proper link

Path Finder

I have Splunk configured and working behind a proxy. The goal is to hit "https://splunk/" and have it redirect me to "https://internal.splunk:8000/". This works fine for the web interface, but not for my email alerts. I have configured my email settings in the GUI to use the proper hostname, but when I get my email alert, the link goes to "https://splunk:8000/".

What setting do I have to change to remove the :8000 from the link Splunk sends me?

Tags (3)
Highlighted

Re: Email Alerts behind proxy not sending proper link

Motivator

Take a look at your alert_actions.conf. You can configure the URL used in the links with reportServerURL = http://blah:1234/

Highlighted

Re: Email Alerts behind proxy not sending proper link

Explorer

When I make the change as specified in ftk's answer it changes the reference to the location of my PDF server, not the "Link to results" link. This is also in alignment with the alert_actions.conf documentation.

The issue is that the proxy is at link A and the Splunk server resides at link B. The "Link to results" link in the email is to link B (directly to the Splunk server) and not to Link A (the proxy).

Is there a way to force the email to contain the link to the proxy server?

0 Karma
Highlighted

Re: Email Alerts behind proxy not sending proper link

Splunk Employee
Splunk Employee

I believe alert_action.conf is the right place, the value you want should be

hostname = host.domain.com

0 Karma
Highlighted

Re: Email Alerts behind proxy not sending proper link

Communicator

This still seems to add the port at the end of it.

Highlighted

Re: Email Alerts behind proxy not sending proper link

Path Finder

I just had the same issue, and the only way I could figure it out is to use the following in alert_action.conf:

hostname=host.domain.com:80 

or

hostname=host.domain.com:

When the URL gets added to the email, you get the following (depending on which one you use):

http://host.domain.com:80/app/... or http://host.domain.com:/app/...

Either way, the browsers interpret the URL correctly, but it just doesn't look pretty.

Hope that helps.

Cheers, Ash

View solution in original post

Highlighted

Re: Email Alerts behind proxy not sending proper link

Path Finder

Excellent! This worked, except I had to use :443 for SSL. Thanks!

0 Karma
Highlighted

Re: Email Alerts behind proxy not sending proper link

Path Finder

I found a bit of a problem with this, the alerts work perfectly, however for some reason when I have the port set to :80 it makes the Scheduled PDF Reports fail when it tries to generate the PDF. I can't figure out why as the moment, but just thought I'd let you know in case you run into this issue as well.

0 Karma
Highlighted

Re: Email Alerts behind proxy not sending proper link

Path Finder

hostnames were not properly configured on alertsactions.conf file that failed to display results for email link results, This was corrected by adding stanza in /opt/splunk/etc/system/local/alertaction.conf:

[email]
hostname =

0 Karma