All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to update the results and view links in the Alert Manager email?

vinit_masaun
Explorer
‎06-12-2017 02:29 PM

Hello,

I am using Splunk 6.3.3 with the Alert Manager app (version 2.0.5) for alert distribution. Everything is working as expected except, the results and view links in the email body are incorrect. The splunkweb is running in SSL mode and we also have a load balancer in front of the search head. The links generated in the email body are http instead of https and the hostname is the server name instead of the load balancer cname. I updated the alert_actions.conf file under both the /etc/system/local and /etc/apps/alert_manager/local locations by adding the intended hostname value but it didn't make any difference.

Has anyone figured this out?

Thanks

Reply

vinkumar_splunk
Splunk Employee
Splunk Employee
‎10-03-2018 10:04 PM

Have you found any solution for this issue?

0 Karma
Reply

woodcock
Esteemed Legend
‎06-12-2017 04:19 PM

Set the hostname option in alert_actions.conf:
http://docs.splunk.com/Documentation/Splunk/6.6.1/Admin/alertactionsconf:

hostname = [protocol]<host>[:<port>]
* Sets the hostname used in the web link (url) sent in alerts.
* This value accepts two forms.
  * hostname
       examples: splunkserver, splunkserver.example.com
  * protocol://hostname:port
       examples: http://splunkserver:8000, https://splunkserver.example.com:443
* When this value is a simple hostname, the protocol and port which
  are configured within splunk are used to construct the base of
  the url.
* When this value begins with 'http://', it is used verbatim.
  NOTE: This means the correct port must be specified if it is not
  the default port for http or https.
* This is useful in cases when the Splunk server is not aware of
  how to construct an externally referenceable url, such as SSO
  environments, other proxies, or when the Splunk server hostname
  is not generally resolvable.
* Defaults to current hostname provided by the operating system,
  or if that fails, "localhost".
* When set to empty, default behavior is used.

This must be deployed to EVERY Search Head and all Splunk instances there need to be restarted before it will take effect.

0 Karma
Reply

vinit_masaun
Explorer
‎06-13-2017 08:04 AM

Thats exactly what I have done on the search head where the saved searches run. I have restarted the splunk processes as well but it still doesn't work. The results and view links are not constructed using the hostname value I defined in the alert_actions.conf file.

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...

Data Persistence in the OpenTelemetry Collector

This blog post is part of an ongoing series on OpenTelemetry. What happens if the OpenTelemetry collector ...

Thanks for the Memories! Splunk University, .conf25, and our Community

Thank you to everyone in the Splunk Community who joined us for .conf25, which kicked off with our iconic ...