Solved: Weird broken link in email alert

twiggle · ‎05-06-2015

In my email alerts,

I enabled the option to send a link to the alert. The result is that I get the "View results in Splunk" link.
However that link sends me to a broken link.

Instead of using my host, it uses a IP format instead. This is what I mean:
[given] http://SOMEIP-:PORT/app/search/QUERY
[correct] http://HOST:PORT/app/search/QUERY

where SOMEIP is in the following format: ip-XXX-XX-XX-XX

Is this suppose to happen? How can I fix it to return the link as http://HOST:PORT/app/search/QUERY instead of the weird IP thing?

acharlieh · ‎05-08-2015

By default I believe it tries to use the hostname that the system identifies itself as. But when this is not correct you can modify the hostname used in alerts through the ui or by editing alert_actions.conf and specifying a desired hostname (protocol and port) to use when constructing external links.

View solution in original post

acharlieh · ‎05-08-2015

By default I believe it tries to use the hostname that the system identifies itself as. But when this is not correct you can modify the hostname used in alerts through the ui or by editing alert_actions.conf and specifying a desired hostname (protocol and port) to use when constructing external links.

twiggle · ‎05-10-2015

Thanks for pointing that out to me!

Weird broken link in email alert

Enterprise Security Content Update (ESCU) | New Releases

Announcing the 1st Round Champion’s Tribute Winners of the Great Resilience Quest

We’ve Got Education Validation!