I'm running Splunk 4.1.2. It seems that when Splunk sends out URL that correspond to searches (say when it triggers a script or send e-mail from a saved search), it's now sending out links with the real hostname in them rather than the Splunk server name I've set.
Unless I'm mistaken this used to work. In fact, I thought that was the reason you set the Splunk servername and default hostname in General Settings.
Did something change that I missed?
Thanks
Mfrost8,
I am not sure why it changed for you (I presume this changed with an upgrade?), but you can easily set this through the UI: Manager --> E-mail alert settings Then fill in the "Link hostname" and click save. It shouldn't take a restart.
Sean
The Splunk serverName (in server.conf
) is used only with Splunk distributed search (to identify events and servers across the cluster), while the default hostname (in inputs.conf
) is used only to set the host
field for indexed data if it is not otherwise specified. sdwilkerson has the answer below, there is a different setting for the email links (in alert_actions.conf
).
Mfrost8,
I am not sure why it changed for you (I presume this changed with an upgrade?), but you can easily set this through the UI: Manager --> E-mail alert settings Then fill in the "Link hostname" and click save. It shouldn't take a restart.
Sean