This documentation does not apply to the most recent version of Splunk.

alert_actions.conf

alert_actions.conf controls the parameters of the alerting actions available to scheduled searches.

alert_actions.conf.spec

# This file contains possible attributes and values for configuring saved search
# actions and alerting in alert_actions.conf.
#
# You can configure Splunk's global alerting actions by creating your own alert_actions.conf.
# There is an alert_actions.conf in $SPLUNK_HOME/etc/bundles/default/.  To set custom configurations,
# place an alert_actions.conf in $SPLUNK_HOME/etc/bundles/local/ or your own custom bundle directory.
# Global options
maxresults = <int>
        * Set the global maximum number of search results to be sent via alerts.
        * Defaults to 100.
hostname = <string>
        * Set the hostname that is displayed in the link sent in alerts.
        * This is useful when the machine sending the alerts does not have a FQDN.
        * Defaults to current hostname (set in Splunk) or localhost (if none is set).
# Email saved search actions
[<email saved search action>]
from = <string>
     * Email address where the alert originates.
     * Defaults to splunk@localhost
subject = <string>
     * Specify an alternate email subject.
     * Defaults to SplunkAlert-<splunkname>.
format = <string>
     * Specify the format of the text in the email.
     * Possible values include: plain, html and csv.
     * The value of format also applies to any attachments as well as the text of an email.
inline = true | false | auto
        * Specify whether the search results will be contained in the body of the alert email.
        * Defaults to auto.
mailserver = <string>
        * The SMTP mail server to use when sending emails.
        * Defaults to localhost.
# RSS saved search actions
items_count = <number>
     * Threshold of how many rss feeds will be saved.
     * Defaults to 30.

alert_actions.conf.example

# EXAMPLE alert_actions.conf
#
# You can use this example configuration file to customize your scheduled alerts.
[email]
# from email address
from=splunk@splunkalerts.com
# by default the subject is SplunkAlert-<splunk-name>, but
# you can change that here.
subject=your daily splunk
# specify the format of the text in the email;
# possible values: html, plain, csv
format=html
[rss]
# threshold of rss feeds
items_count=30
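
A pre-deployment check of a local alert_actions.conf against the attributes and values listed in the spec above. This is an added example, not part of the Splunk documentation or product; the `__global__` stanza name, the sample file, and reading `<number>` as an integer are assumptions.

```python
import configparser

# Allowed values, taken from alert_actions.conf.spec above.
FORMATS = {"plain", "html", "csv"}
INLINE = {"true", "false", "auto"}
INT_KEYS = {"maxresults", "items_count"}  # assumption: <number> means integer
KNOWN = INT_KEYS | {"hostname", "from", "subject", "format", "inline", "mailserver"}
GLOBAL = "__global__"  # hypothetical stanza name for keys above any [stanza]

# Constructed sample with four deliberate mistakes (not from the page).
SAMPLE = """\
maxresults = 5O
hostname = splunk01.example.com
[email]
from = splunk@splunkalerts.com
format = pdf
inline = yes
[rss]
items_count = 30
item_count = 10
"""


def check_alert_actions(text):
    """Return (stanza, key, problem) tuples for one alert_actions.conf."""
    parser = configparser.ConfigParser(interpolation=None)
    # Global options sit above any stanza header, which configparser
    # rejects, so parse them under a synthetic stanza.
    parser.read_string("[%s]\n%s" % (GLOBAL, text))
    problems = []
    for stanza in parser.sections():
        for key, value in parser.items(stanza):
            value = value.strip().lower()
            if key not in KNOWN:
                problems.append((stanza, key, "attribute not in the spec"))
            elif key in INT_KEYS and not value.isdigit():
                problems.append((stanza, key, "expected an integer"))
            elif key == "format" and value not in FORMATS:
                problems.append((stanza, key, "expected plain, html or csv"))
            elif key == "inline" and value not in INLINE:
                problems.append((stanza, key, "expected true, false or auto"))
    return problems


if __name__ == "__main__":
    for stanza, key, problem in check_alert_actions(SAMPLE):
        print("[%s] %s: %s" % (stanza, key, problem))
```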

This documentation applies to the following versions of Splunk: 3.1.4

