Why do the links to searches sent as part of alert...

a212830 · ‎01-28-2015

Hi,

We've noticed that the link to searches that are sent as part of the alert email are wrong.

The link to the search has "http://mysplunk.com:8000/..."

when it should be "https://mysplunk.com/en-US/..."

As a result, none of the links that are sent with the alert are working.

chanfoli · ‎01-28-2015

The documentation on the hostname parameter in alert alert_actions.conf is a bit ambiguous on behavior for default ports on http or https but based on the documentation you can use the [protocol://]host.domain.com[:port] format to set the link base, in alert_actions.conf which is presumably what gets edited as Link hostname when you go to settings->general settings->email settings in splunk web.

I would try there or in the config and specify the deisred base in protocol://host.comain.tld format. (e.g. https://splunk.mydomain.com )

See http://docs.splunk.com/Documentation/Splunk/6.2.1/Admin/Alertactionsconf

a212830 · ‎01-29-2015

Thanks. I changed them on each server in ../system/local and bounced splunkweb, but it did not take. I use SHP - would it need to be changed somewhere else?

a212830 · ‎01-30-2015

Anyone?

chanfoli · ‎01-30-2015

Try running this on your indexers and look for hostname to confirm that alert_actions.conf has been reloaded and that no other location is clobbering your setting :

$SPLUNK_HOME/bin/splunk btool alert_actions list --debug

Why do the links to searches sent as part of alert emails have the wrong base URL and do not work?

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases