Archive

change the host name for alert trigger

Path Finder

I have Splunk sitting on a standalone box with hostname "splunk" I am testing triggering alerts to a third party app.

When the alert triggers it sends the host value "Splunk" to the third party app.

I want to be able to change this field to "splunk.domain.org" so that we can launch back into splunk in context from a link that's presented on the third party app as currently http://splunk when I'd like it to be http://splunk.domain.org...

I've tried setting the splunk hostname and tried a few props.conf settings but haven't been able to succeed as yet.

gratzi

Tags (1)
0 Karma

Splunk Employee
Splunk Employee

Create etc/system/local/alert_actions.conf

hostname=http://splunk.domain.org

restart Splunk service

Try this, It will work

0 Karma

Esteemed Legend

All of this is done in server.conf and it varies depending on host OS and other things:

https://docs.splunk.com/Documentation/Splunk/latest/Admin/Serverconf

0 Karma

Path Finder

that was one of the first things we tried - setting the splunk hostname in the GUI adds adds an entry to ..

/etc/system/local/server.conf

[general]
serverName = splunk.domain.org

this did not work it still used the hostname of the server

0 Karma