All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to update the results and view links in the Alert Manager email?

vinit_masaun
Explorer
‎06-12-2017 02:29 PM

Hello,

I am using Splunk 6.3.3 with the Alert Manager app (version 2.0.5) for alert distribution. Everything is working as expected except, the results and view links in the email body are incorrect. The splunkweb is running in SSL mode and we also have a load balancer in front of the search head. The links generated in the email body are http instead of https and the hostname is the server name instead of the load balancer cname. I updated the alert_actions.conf file under both the /etc/system/local and /etc/apps/alert_manager/local locations by adding the intended hostname value but it didn't make any difference.

Has anyone figured this out?

Thanks

Reply

vinkumar_splunk
Splunk Employee
Splunk Employee
‎10-03-2018 10:04 PM

Have you found any solution for this issue?

0 Karma
Reply

woodcock
Esteemed Legend
‎06-12-2017 04:19 PM

Set the hostname option in alert_actions.conf:
http://docs.splunk.com/Documentation/Splunk/6.6.1/Admin/alertactionsconf:

hostname = [protocol]<host>[:<port>]
* Sets the hostname used in the web link (url) sent in alerts.
* This value accepts two forms.
  * hostname
       examples: splunkserver, splunkserver.example.com
  * protocol://hostname:port
       examples: http://splunkserver:8000, https://splunkserver.example.com:443
* When this value is a simple hostname, the protocol and port which
  are configured within splunk are used to construct the base of
  the url.
* When this value begins with 'http://', it is used verbatim.
  NOTE: This means the correct port must be specified if it is not
  the default port for http or https.
* This is useful in cases when the Splunk server is not aware of
  how to construct an externally referenceable url, such as SSO
  environments, other proxies, or when the Splunk server hostname
  is not generally resolvable.
* Defaults to current hostname provided by the operating system,
  or if that fails, "localhost".
* When set to empty, default behavior is used.

This must be deployed to EVERY Search Head and all Splunk instances there need to be restarted before it will take effect.

0 Karma
Reply

vinit_masaun
Explorer
‎06-13-2017 08:04 AM

Thats exactly what I have done on the search head where the saved searches run. I have restarted the splunk processes as well but it still doesn't work. The results and view links are not constructed using the hostname value I defined in the alert_actions.conf file.

0 Karma
Reply
Get Updates on the Splunk Community!

Stay Connected: Your Guide to December Tech Talks, Office Hours, and Webinars!

❄️ Celebrate the season with our December lineup of Community Office Hours, Tech Talks, and Webinars! ...

Splunk and Fraud

Watch Now!Watch an insightful webinar where we delve into the innovative approaches to solving fraud using the ...

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

You’ve probably heard the latest about AppDynamics joining the Splunk Observability portfolio, deepening our ...