param.view_link for splunk app is sending default hostname rather than splunk url please help

[dwhitehead95]

Discussed in https://github.com/splunk/slack-alerts/discussions/47

^{Originally posted by **dwhitehead95** September 27, 2023} We upgraded Splunk to version 9.1(latest) and now our splunk slack alerts are showing our internal default hostname rather than our main splunk url in attached links to alerts. Our internal hostname is unprotected so we need to fix this. I tried specifying the proper url as a param.attachment_results_link in our alert_actions.conf file within the slack_alerts app folder but now the alerts are showing the link I specified rather than a link to the search relevant to the alert setup. How is the view_link variable generated and how can I change it to a desired url while still having the following information that will take the user to the search setup by their alert?

[AvryH]

Hi @dwhitehead95 , I was having the same issue after upgrading to 9.1.1 from 9.0.5.1. I was able to find a solution by modifying alert_actions.conf as described here: https://community.splunk.com/t5/Reporting/How-to-modify-the-quot-View-Results-in-Splunk-quot-link-from/m-p/202301

Previously, I had hostname set within the email stanza and all my links had been showing up fine. After this upgrade, once I defined hostname within the default stanza my links returned to normal.

Hope this helps!