Splunk® Enterprise

Developing Views and Apps for Splunk Web

Acrobat logo Download manual as PDF

Splunk Enterprise version 6.x is no longer supported as of October 23, 2019. See the Splunk Software Support Policy for details. For information about upgrading to a supported version, see How to upgrade Splunk Enterprise.
This documentation does not apply to the most recent version of Splunk. Click here for the latest version.
Acrobat logo Download topic as PDF

Define a custom alert action user interface

Configure the UI for custom actions

When you create custom alert actions, you create an HTML fragment in an HTML file to configure the alert action. The file contains the HTML form portion used for presenting the alert action's input controls. The file does not have a full HTML document.

Place the HTML markup in the following location:

$SPLUNK_HOME/etc/apps/[app name]/default/data/ui/alerts/[HTML file name].html

The Splunk Enterprise UI uses markup consistent with Bootstrap version 2.3.2.

Controls for the form

Use controls within Bootstrap control groups so users can select which actions to enable.

For a control within a control group, match the name attribute for the <input> tag with parameters defined in the savedsearches.conf.spec file. The value that is entered into the text input ends up in savedsearches.conf.

The following example creates a text control that matches the name of a chat room parameter.

.../[app name]/default/data/ui/alerts/[html file name].html

<form class="form-horizontal form-complex">
  <div class="control-group">
      <label class="control-label" for="chat_room">room</label>

      <div class="controls">
        <input type="text" name="action.chat.param.room" id="chat_room" />
        <span class="help-block">chat room to notify</span>
    . . .


# chat alert settings
action.chat.param.room = <string>
* Name of the room to send the notification to
* (required)
. . .

Security considerations

Only static HTML markup should be used. Do not include scripts or other constructs that could put your system at risk.

Linking to static resources

To include URLS or links to static resources, use the replacement tag {{ SPLUNKWEB_URL_PREFIX }}.

Last modified on 25 August, 2016
Create a custom alert action script
Optional custom alert action components

This documentation applies to the following versions of Splunk® Enterprise: 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6, 6.3.7, 6.3.8, 6.3.9, 6.3.10, 6.3.11, 6.3.12, 6.3.13, 6.3.14, 6.4.0, 6.4.1, 6.4.2, 6.4.3, 6.4.4, 6.4.5, 6.4.6, 6.4.7, 6.4.8, 6.4.9, 6.4.10, 6.4.11

Was this documentation topic helpful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters