Solved: Remove HTTP Port in Alert Email Link

fredclown · ‎05-01-2024

We have a load balancer sitting in front of our search head cluster that is reverse proxying the connection to the search heads over https port 443. The search head web interfaces are running on port 8000. The issue is when our search heads send out alert emails they append 8000 to the load balancer url which doesn't work because the load balancer is listening on 443. Is there a way to tell the search heads to leave off the port or specify a different port explicitly in the alert emails?

fredclown · ‎05-01-2024

Oh, I think I just found the answer. Looks like in the alert_actions.conf file there is the hostname property that if you explicitly put https:// in front of the url then you can avoid having it tack on the web port when it sends emails.

https://docs.splunk.com/Documentation/Splunk/latest/Admin/Alertactionsconf

View solution in original post

fredclown · ‎05-01-2024

Oh, I think I just found the answer. Looks like in the alert_actions.conf file there is the hostname property that if you explicitly put https:// in front of the url then you can avoid having it tack on the web port when it sends emails.

https://docs.splunk.com/Documentation/Splunk/latest/Admin/Alertactionsconf

Remove HTTP Port in Alert Email Link

alert action

email

New Case Study: How LSU’s Student-Powered SOCs and Splunk Are Shaping the Future of ...

Splunk and Fraud

Build Your First SPL2 App!