Splunk® Enterprise

Developing Views and Apps for Splunk Web

Download manual as PDF

This documentation does not apply to the most recent version of Splunk. Click here for the latest version.
Download topic as PDF

Define a custom alert action user interface

Configure the UI for custom actions

When you create custom alert actions, you create an HTML fragment in an HTML file to configure the alert action. The file contains the HTML form portion used for presenting the alert action's input controls. The file does not have a full HTML document.

Place the HTML markup in the following location:

$SPLUNK_HOME/etc/apps/[app name]/default/data/ui/alerts/[HTML file name].html

The Splunk Enterprise UI uses markup consistent with Bootstrap version 2.3.2.

Controls for the form

Use controls within Bootstrap control groups so users can select which actions to enable.

For a control within a control group, match the name attribute for the <input> tag with parameters defined in the savedsearches.conf.spec file. The value that is entered into the text input ends up in savedsearches.conf.

The following example creates a text control that matches the name of a chat room parameter.

.../[app name]/default/data/ui/alerts/[html file name].html

<form class="form-horizontal form-complex">
  <div class="control-group">
      <label class="control-label" for="chat_room">room</label>

      <div class="controls">
        <input type="text" name="action.chat.param.room" id="chat_room" />
        <span class="help-block">chat room to notify</span>
    . . .


# chat alert settings
action.chat.param.room = <string>
* Name of the room to send the notification to
* (required)
. . .

Security considerations

Only static HTML markup should be used. Do not include scripts or other constructs that could put your system at risk.

Linking to static resources

To include URLS or links to static resources, use the replacement tag {{ SPLUNKWEB_URL_PREFIX }}.

Create a custom alert action script
Optional custom alert action components

This documentation applies to the following versions of Splunk® Enterprise: 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6, 6.3.7, 6.3.8, 6.3.9, 6.3.10, 6.3.11, 6.3.12, 6.3.13, 6.3.14, 6.4.0, 6.4.1, 6.4.2, 6.4.3, 6.4.4, 6.4.5, 6.4.6, 6.4.7, 6.4.8, 6.4.9, 6.4.10, 6.4.11

Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters