alert_actions.conf
This documentation does not apply to the most recent version of Splunk.
alert_actions.conf controls the parameters of the alerting actions available to scheduled searches.
alert_actions.conf.spec
# This file contains possible attributes and values for configuring global saved search actions
# in alert_actions.conf. Saved searches are configured in savedsearches.conf.
#
# There is an alert_actions.conf in $SPLUNK_HOME/etc/bundles/default/. To set custom configurations,
# place an alert_actions.conf in your own custom bundle directory.
#
# For help creating a bundle directory, or to learn more about bundles (including bundle precedence)
# please see the documentation located at http://www.splunk.com/doc/latest/admin/bundleconfig.
################################################################################
# Global options: these settings do not need to be prefaced by a stanza name
# If you do not specify an entry for each attribute, Splunk will use the default value.
################################################################################
maxresults = <int>
* Set the global maximum number of search results sent via alerts.
* Defaults to 100.
hostname = <string>
* Set the hostname that is displayed in the link sent in alerts.
* This is useful when the machine sending the alerts does not have a FQDN.
* Defaults to current hostname (set in Splunk) or localhost (if none is set).
################################################################################
# EMAIL: these settings are prefaced by the [email] stanza name
################################################################################
[email]
* Set email notification options under this stanza name.
* Follow this stanza name with any number of the following attribute/value pairs.
* If you do not specify an entry for each attribute, Splunk will use the default value.
from = <string>
* Email address originating alert.
* Defaults to splunk@$LOCALHOST.
subject = <string>
* Specify an alternate email subject.
* Defaults to SplunkAlert-<savedsearchname>.
format = <string>
* Specify the format of text in the email.
* Possible values: plain, html and csv.
* This value will also apply to any attachments.
inline = <true | false | auto>
* Specify whether the search results are contained in the body of the alert email.
* Defaults to false.
mailserver = <string>
* The SMTP mail server to use when sending emails.
* Defaults to $LOCALHOST.
################################################################################
# RSS: these settings are prefaced by the [rss] stanza
################################################################################
[rss]
* Set rss notification options under this stanza name.
* Follow this stanza name with any number of the following attribute/value pairs.
* If you do not specify an entry for each attribute, Splunk will use the default value.
items_count = <number>
* Number of saved RSS feeds.
* Cannot be more than maxresults (in [email] stanza).
* Defaults to 30.
alert_actions.conf.example
#
# There is a default alert_actions.conf in $SPLUNK_HOME/etc/bundles/default/. Use this example file
# to create your own custom alert_actions.conf. To set custom configurations, place an
# alert_actions.conf in your own custom bundle directory.
[email]
from = <email address>
# Set a custom from email address.
subject = <custom subject>
# By default, the subject is SplunkAlert-<splunk-name>, but you can set a custom subject here.
format = <html, plain, csv>
# Specify the format of the text in the email.
# Possible values: html, plain, csv.
[rss]
items_count=30
# Set the threshold of rss feeds.
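The spec above states several constraints (allowed values for format and inline, items_count not exceeding maxresults) that are easy to break in a custom bundle. The following checker is an added example, not part of Splunk or its documentation: validate_alert_actions() and the sample file are constructed for illustration, and it assumes maxresults is read from the global section, where the spec lists it.

```python
# Added example: checks an alert_actions.conf against the constraints in the spec.
# validate_alert_actions() is a hypothetical helper, not a Splunk tool.
DEFAULTS = {"maxresults": "100", "items_count": "30"}   # defaults stated in the spec
ENUMS = {("email", "format"): {"plain", "html", "csv"},
         ("email", "inline"): {"true", "false", "auto"}}
KNOWN = {None: {"maxresults", "hostname"},               # None = global section
         "email": {"from", "subject", "format", "inline", "mailserver"},
         "rss": {"items_count"}}

def parse(text):
    """Return {stanza: {attr: value}}; global options live under the key None."""
    conf, stanza = {None: {}}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            stanza = line[1:-1].strip()
            conf.setdefault(stanza, {})
        elif "=" in line:
            key, value = line.split("=", 1)
            conf[stanza][key.strip()] = value.strip()
    return conf

def validate_alert_actions(text):
    """Return a list of problems; an empty list means the file passes."""
    conf, problems = parse(text), []
    for stanza, attrs in conf.items():
        for key, value in attrs.items():
            # A global option placed after a stanza header is caught here too.
            if key not in KNOWN.get(stanza, set()):
                problems.append(f"unknown attribute {key!r} in {stanza or 'global section'}")
            allowed = ENUMS.get((stanza, key))
            if allowed and value not in allowed:
                problems.append(f"{key} = {value!r} not in {sorted(allowed)}")
    try:
        maxresults = int(conf[None].get("maxresults", DEFAULTS["maxresults"]))
        items = int(conf.get("rss", {}).get("items_count", DEFAULTS["items_count"]))
        if items > maxresults:
            problems.append(f"items_count ({items}) exceeds maxresults ({maxresults})")
    except ValueError:
        problems.append("maxresults and items_count must be integers")
    return problems

# Constructed sample: maxresults lowered below the default items_count of 30.
SAMPLE = "maxresults = 20\n[email]\nformat = pdf\n[rss]\nitems_count = 30\n"

if __name__ == "__main__":
    for problem in validate_alert_actions(SAMPLE):
        print(problem)
```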
This documentation applies to the following versions of Splunk: 3.2, 3.2.1, 3.2.2, 3.2.3, 3.2.4, 3.2.5, 3.2.6