Hi,
We've noticed that the link to searches that are sent as part of the alert email are wrong.
The link to the search has "http://mysplunk.com:8000/..."
when it should be "https://mysplunk.com/en-US/..."
As a result, none of the links that are sent with the alert are working.
The documentation on the hostname parameter in alert alert_actions.conf is a bit ambiguous on behavior for default ports on http or https but based on the documentation you can use the [protocol://]host.domain.com[:port] format to set the link base, in alert_actions.conf which is presumably what gets edited as Link hostname when you go to settings->general settings->email settings in splunk web.
I would try there or in the config and specify the deisred base in protocol://host.comain.tld format. (e.g. https://splunk.mydomain.com )
See http://docs.splunk.com/Documentation/Splunk/6.2.1/Admin/Alertactionsconf
Thanks. I changed them on each server in ../system/local and bounced splunkweb, but it did not take. I use SHP - would it need to be changed somewhere else?
Anyone?
Try running this on your indexers and look for hostname to confirm that alert_actions.conf has been reloaded and that no other location is clobbering your setting :
$SPLUNK_HOME/bin/splunk btool alert_actions list --debug