Splunk Search

hostname used in links is the real hostname not the Splunk server name

mfrost8
Builder

I'm running Splunk 4.1.2. It seems that when Splunk sends out URL that correspond to searches (say when it triggers a script or send e-mail from a saved search), it's now sending out links with the real hostname in them rather than the Splunk server name I've set.

Unless I'm mistaken this used to work. In fact, I thought that was the reason you set the Splunk servername and default hostname in General Settings.

Did something change that I missed?

Thanks

1 Solution

sdwilkerson
Contributor

Mfrost8,

I am not sure why it changed for you (I presume this changed with an upgrade?), but you can easily set this through the UI: Manager --> E-mail alert settings Then fill in the "Link hostname" and click save. It shouldn't take a restart.

Sean

View solution in original post

gkanapathy
Splunk Employee
Splunk Employee

The Splunk serverName (in server.conf) is used only with Splunk distributed search (to identify events and servers across the cluster), while the default hostname (in inputs.conf) is used only to set the host field for indexed data if it is not otherwise specified. sdwilkerson has the answer below, there is a different setting for the email links (in alert_actions.conf).

sdwilkerson
Contributor

Mfrost8,

I am not sure why it changed for you (I presume this changed with an upgrade?), but you can easily set this through the UI: Manager --> E-mail alert settings Then fill in the "Link hostname" and click save. It shouldn't take a restart.

Sean

View solution in original post

.conf21 CFS Extended through 5/20!

Don't miss your chance
to share your Splunk
wisdom in-person or
virtually at .conf21!

Call for Speakers has
been extended through
Thursday, 5/20!