In my email alerts,
I enabled the option to send a link to the alert. The result is that I get the "View results in Splunk" link.
However that link sends me to a broken link.
Instead of using my host, it uses a IP format instead. This is what I mean:
[given] http://SOMEIP-:PORT/app/search/QUERY
[correct] http://HOST:PORT/app/search/QUERY
where SOMEIP is in the following format: ip-XXX-XX-XX-XX
Is this suppose to happen? How can I fix it to return the link as http://HOST:PORT/app/search/QUERY instead of the weird IP thing?
By default I believe it tries to use the hostname that the system identifies itself as. But when this is not correct you can modify the hostname used in alerts through the ui or by editing alert_actions.conf and specifying a desired hostname (protocol and port) to use when constructing external links.
By default I believe it tries to use the hostname that the system identifies itself as. But when this is not correct you can modify the hostname used in alerts through the ui or by editing alert_actions.conf and specifying a desired hostname (protocol and port) to use when constructing external links.
Thanks for pointing that out to me!