Splunk Search

hostname used in links is the real hostname not the Splunk server name

mfrost8
Builder

I'm running Splunk 4.1.2. It seems that when Splunk sends out URL that correspond to searches (say when it triggers a script or send e-mail from a saved search), it's now sending out links with the real hostname in them rather than the Splunk server name I've set.

Unless I'm mistaken this used to work. In fact, I thought that was the reason you set the Splunk servername and default hostname in General Settings.

Did something change that I missed?

Thanks

1 Solution

sdwilkerson
Contributor

Mfrost8,

I am not sure why it changed for you (I presume this changed with an upgrade?), but you can easily set this through the UI: Manager --> E-mail alert settings Then fill in the "Link hostname" and click save. It shouldn't take a restart.

Sean

View solution in original post

gkanapathy
Splunk Employee
Splunk Employee

The Splunk serverName (in server.conf) is used only with Splunk distributed search (to identify events and servers across the cluster), while the default hostname (in inputs.conf) is used only to set the host field for indexed data if it is not otherwise specified. sdwilkerson has the answer below, there is a different setting for the email links (in alert_actions.conf).

sdwilkerson
Contributor

Mfrost8,

I am not sure why it changed for you (I presume this changed with an upgrade?), but you can easily set this through the UI: Manager --> E-mail alert settings Then fill in the "Link hostname" and click save. It shouldn't take a restart.

Sean

Get Updates on the Splunk Community!

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...