change the host name for alert trigger

Skins · ‎09-11-2017

I have Splunk sitting on a standalone box with hostname "splunk" I am testing triggering alerts to a third party app.

When the alert triggers it sends the host value "Splunk" to the third party app.

I want to be able to change this field to "splunk.domain.org" so that we can launch back into splunk in context from a link that's presented on the third party app as currently http://splunk when I'd like it to be http://splunk.domain.org...

I've tried setting the splunk hostname and tried a few props.conf settings but haven't been able to succeed as yet.

gratzi

yaasirvatham_sp · ‎04-19-2020

Create etc/system/local/alert_actions.conf

hostname=http://splunk.domain.org

restart Splunk service

Try this, It will work

woodcock · ‎09-11-2017

All of this is done in server.conf and it varies depending on host OS and other things:

https://docs.splunk.com/Documentation/Splunk/latest/Admin/Serverconf

Skins · ‎09-12-2017

that was one of the first things we tried - setting the splunk hostname in the GUI adds adds an entry to ..

/etc/system/local/server.conf

[general]
serverName = splunk.domain.org

this did not work it still used the hostname of the server

change the host name for alert trigger

Dashboard Studio Challenge - Learn New Tricks, Showcase Your Skills, and Win Prizes!

Introducing Edge Processor: Next Gen Data Transformation

Take the 2021 Splunk Career Survey for $50 in Amazon Cash