Alerting

Weird broken link in email alert

twiggle
Explorer

In my email alerts,

I enabled the option to send a link to the alert. The result is that I get the "View results in Splunk" link.
However that link sends me to a broken link.

Instead of using my host, it uses a IP format instead. This is what I mean:
[given] http://SOMEIP-:PORT/app/search/QUERY
[correct] http://HOST:PORT/app/search/QUERY

where SOMEIP is in the following format: ip-XXX-XX-XX-XX

Is this suppose to happen? How can I fix it to return the link as http://HOST:PORT/app/search/QUERY instead of the weird IP thing?

Tags (4)
1 Solution

acharlieh
Influencer

By default I believe it tries to use the hostname that the system identifies itself as. But when this is not correct you can modify the hostname used in alerts through the ui or by editing alert_actions.conf and specifying a desired hostname (protocol and port) to use when constructing external links.

View solution in original post

acharlieh
Influencer

By default I believe it tries to use the hostname that the system identifies itself as. But when this is not correct you can modify the hostname used in alerts through the ui or by editing alert_actions.conf and specifying a desired hostname (protocol and port) to use when constructing external links.

twiggle
Explorer

Thanks for pointing that out to me!

0 Karma
Get Updates on the Splunk Community!

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...

SignalFlow: What? Why? How?

What is SignalFlow? Splunk Observability Cloud’s analytics engine, SignalFlow, opens up a world of in-depth ...

Federated Search for Amazon S3 | Key Use Cases to Streamline Compliance Workflows

Modern business operations are supported by data compliance. As regulations evolve, organizations must ...