
How to customize Alert Manager incident email alert results_link and view_link URL (host:port)?

JykkeDaMan

How do I customise the host:port part of the links in Alert Manager incident emails?

alert_manager/bin/lib/IncidentContext.py seems to be using a REST endpoint to get the server_info:

uri = '/services/server/info?output_mode=json'
...
context.update({ "results_link" : protocol + "://"+server_info["host_fqdn"] + ":"+ http_port +"/app/" + incident["app"] + "/@go?sid=" + incident["job_id"] })

context.update({ "view_link" : protocol + "://"+server_info["host_fqdn"] + ":" + http_port + "/app/" + incident["app"] + "/alert?s=" + urllib.quote("/servicesNS/nobody/"+incident["app"]+"/saved/searches/" + incident["alert"] ) })

I have a setup where the host_fqdn is different from the SH public web UI access URL.
I have already customized the generic server settings for Alert emails, which has a correct URL, so I could use it like this:

uri = '/services/configs/conf-alert_actions/email?output_mode=json'
...
context.update({ "results_link" : alert_email_settings["hostname"] +"/app/..."
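
A sketch of the approach described in the post, added here as an example; it is not code from the Alert Manager app or from the original poster. The function names are hypothetical, Python 3 is assumed, and the `hostname` value of the `[email]` stanza is assumed to be empty, a bare host, or `protocol://host[:port]`.

```python
import json
from urllib.parse import quote, urlsplit

# Constructed sample of the JSON returned by
# /services/configs/conf-alert_actions/email?output_mode=json (trimmed).
SAMPLE_EMAIL_CONF = '{"entry": [{"name": "email", "content": {"hostname": "https://splunk.example.com"}}]}'

def email_hostname(rest_body):
    """Return the 'hostname' setting of the [email] stanza, or '' if unset."""
    entries = json.loads(rest_body).get("entry") or [{}]
    return (entries[0].get("content", {}).get("hostname") or "").strip()

def base_url(hostname, server_info, protocol, http_port):
    """Build scheme://host[:port] for the links in incident emails.

    hostname is empty, a bare host, or protocol://host[:port] (assumption).
    """
    hostname = hostname.rstrip("/")
    if not hostname:  # nothing configured: keep the host_fqdn behaviour
        return "%s://%s:%s" % (protocol, server_info["host_fqdn"], http_port)
    if "://" not in hostname:  # bare host: reuse the web UI protocol and port
        return "%s://%s:%s" % (protocol, hostname, http_port)
    parts = urlsplit(hostname)
    if parts.scheme not in ("http", "https") or not parts.hostname or parts.username:
        raise ValueError("unexpected email hostname setting: %r" % hostname)
    port = ":%d" % parts.port if parts.port else ""
    return "%s://%s%s" % (parts.scheme, parts.hostname, port)

def incident_links(base, incident):
    """Same link layout as the IncidentContext.py excerpt, with components URL-quoted."""
    app = quote(incident["app"], safe="")
    saved = "/servicesNS/nobody/%s/saved/searches/%s" % (incident["app"], incident["alert"])
    return {
        "results_link": "%s/app/%s/@go?sid=%s" % (base, app, quote(incident["job_id"], safe="")),
        "view_link": "%s/app/%s/alert?s=%s" % (base, app, quote(saved)),
    }

if __name__ == "__main__":
    info = {"host_fqdn": "sh01.internal.lan"}  # constructed server_info
    incident = {"app": "search", "alert": "Failed logins",
                "job_id": "scheduler__admin__search__x_at_1_2"}  # constructed incident
    base = base_url(email_hostname(SAMPLE_EMAIL_CONF), info, "http", "8000")
    print(incident_links(base, incident))
```

Falling back to `host_fqdn` when the setting is empty keeps the existing behaviour, and rejecting anything other than `http`/`https` keeps a mistyped setting from ending up in every incident email.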