Configure URL in saved search results

dmesler
Explorer

I have SSO working with Apache responding to a "splunk" CNAME. But when Splunk emails search results, the URL is https://hostname:port/... How can I configure Splunk to just use a "https://splunk" URL so connections will pass through Apache?

0 Karma

njdove
New Member

I solved this problem in my Apache SSO setup - Splunk e-mail alerts contained http://hostname:8000/app/ rather than https://hostname/app/. I was unable to convince Splunk to change its URL, but I was successful in configuring Apache to redirect the broken URLs to the correct location.

First I configured Splunk to listen only on the loopback address in /usr/local/splunk/etc/system/local/web.conf:

server.socket_host = 127.0.0.1

Then I added a VirtualHost to Apache listening on the public IP, port 8000, to redirect to the correct URL. In RHEL/CentOS' /etc/httpd/conf.d/vhost-splunk-redirect.conf:

Listen 192.168.0.1:8000
NameVirtualHost 192.168.0.1:8000

<VirtualHost 192.168.0.1:8000>
    RewriteEngine On
    RewriteRule .* https://hostname.com%{REQUEST_URI} [R,L]
</VirtualHost>

With this configuration Splunk alert URLs redirect to their equivalent, functional SSO/SSL URLs.

0 Karma

southeringtonp
Motivator

In alert_actions.conf:

hostname=splunk.yourdomain.com
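
An added example, not part of either answer and not Splunk's own code: a small audit that works out which base URL alert e-mails would carry for a given alert_actions.conf and web.conf, and flags links that would miss the Apache SSO front end. It assumes the rule in the alert_actions.conf spec that a bare `hostname` inherits Splunk Web's protocol and port while a value beginning with `http://` or `https://` is used as written; it also assumes the setting lives under `[email]`, and the sample file contents, the `SERVERNAME` placeholder and the function names are constructed for illustration.

```python
import configparser
from urllib.parse import urlsplit

# Constructed sample files; only the hostnames, port 8000 and the loopback
# bind come from the thread.
WEB_CONF = "[settings]\nhttpport = 8000\nserver.socket_host = 127.0.0.1\n"
ALERT_BARE = "[email]\nhostname = splunk.yourdomain.com\n"
ALERT_FULL = "[email]\nhostname = https://splunk.yourdomain.com\n"

def _conf(text):
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # keep key case as written
    cp.read_string(text)
    return cp

def alert_link_base(alert_conf, web_conf):
    """Base URL Splunk would put in alert e-mails (assumed rule, see lead-in)."""
    host = _conf(alert_conf).get("email", "hostname", fallback="").strip()
    if host.startswith(("http://", "https://")):
        return host.rstrip("/")          # full form: used as written
    web = _conf(web_conf)
    ssl = web.get("settings", "enableSplunkWebSSL", fallback="false")
    scheme = "https" if ssl.strip().lower() in ("1", "true") else "http"
    port = web.get("settings", "httpport", fallback="8000").strip()
    return f"{scheme}://{host or 'SERVERNAME'}:{port}"  # bare form

def check(alert_conf, web_conf, proxy_base):
    """Return (base, findings) for links that would miss the SSO proxy."""
    base = alert_link_base(alert_conf, web_conf)
    web = _conf(web_conf)
    findings = []
    if base != proxy_base.rstrip("/"):
        findings.append("alert links bypass the proxy")
    bind = web.get("settings", "server.socket_host", fallback="0.0.0.0").strip()
    port = web.get("settings", "httpport", fallback="8000").strip()
    if bind in ("127.0.0.1", "localhost") and str(urlsplit(base).port) == port:
        findings.append("alert links point at Splunk's loopback-only port")
    return base, findings

if __name__ == "__main__":
    for name, conf in (("bare", ALERT_BARE), ("full", ALERT_FULL)):
        print(name, *check(conf, WEB_CONF, "https://splunk.yourdomain.com"))
```
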