Alerting
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to customize Alert Manager incident email alert results_link and view_link URL (host:port)?

JykkeDaMan
Path Finder
‎06-26-2019 07:16 AM

How do I get the Alert Manager incident emails links host:port part customised?

alert_manager/bin/lib/IncidentContext.py seems to be using REST endpoint to get the server_info:

uri = '/services/server/info?output_mode=json'
...
context.update({ "results_link" : protocol + "://"+server_info["host_fqdn"] + ":"+ http_port +"/app/" + incident["app"] + "/@go?sid=" + incident["job_id"] })

context.update({ "view_link" : protocol + "://"+server_info["host_fqdn"] + ":" + http_port + "/app/" + incident["app"] + "/alert?s=" + urllib.quote("/servicesNS/nobody/"+incident["app"]+"/saved/searches/" + incident["alert"] ) })

I have a setup, where the host_fqdn is different than the SH public webui access URL.
I have already customized the generic server settings for Alert emails, which has a correct URL, so I could use it like this:

uri = '/services/configs/conf-alert_actions/email?output_mode=json'
...
context.update({ "results_link" : alert_email_settings["hostname"] +"/app/..."
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...