- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I'm running Splunk 4.1.2. It seems that when Splunk sends out URL that correspond to searches (say when it triggers a script or send e-mail from a saved search), it's now sending out links with the real hostname in them rather than the Splunk server name I've set.
Unless I'm mistaken this used to work. In fact, I thought that was the reason you set the Splunk servername and default hostname in General Settings.
Did something change that I missed?
Thanks
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Mfrost8,
I am not sure why it changed for you (I presume this changed with an upgrade?), but you can easily set this through the UI: Manager --> E-mail alert settings Then fill in the "Link hostname" and click save. It shouldn't take a restart.
Sean
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The Splunk serverName (in server.conf) is used only with Splunk distributed search (to identify events and servers across the cluster), while the default hostname (in inputs.conf) is used only to set the host field for indexed data if it is not otherwise specified. sdwilkerson has the answer below, there is a different setting for the email links (in alert_actions.conf).
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Mfrost8,
I am not sure why it changed for you (I presume this changed with an upgrade?), but you can easily set this through the UI: Manager --> E-mail alert settings Then fill in the "Link hostname" and click save. It shouldn't take a restart.
Sean
