Solved: Remove HTTP Port in Alert Email Link

fredclown · ‎05-01-2024

We have a load balancer sitting in front of our search head cluster that is reverse proxying the connection to the search heads over https port 443. The search head web interfaces are running on port 8000. The issue is when our search heads send out alert emails they append 8000 to the load balancer url which doesn't work because the load balancer is listening on 443. Is there a way to tell the search heads to leave off the port or specify a different port explicitly in the alert emails?

fredclown · ‎05-01-2024

Oh, I think I just found the answer. Looks like in the alert_actions.conf file there is the hostname property that if you explicitly put https:// in front of the url then you can avoid having it tack on the web port when it sends emails.

https://docs.splunk.com/Documentation/Splunk/latest/Admin/Alertactionsconf

View solution in original post

fredclown · ‎05-01-2024

Oh, I think I just found the answer. Looks like in the alert_actions.conf file there is the hostname property that if you explicitly put https:// in front of the url then you can avoid having it tack on the web port when it sends emails.

https://docs.splunk.com/Documentation/Splunk/latest/Admin/Alertactionsconf

Remove HTTP Port in Alert Email Link

alert action

email

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?