This documentation does not apply to the most recent version of Splunk.
This documentation applies to the following versions of Splunk: 3.0 , 3.0.1 , 3.0.2 , 3.1 , 3.1.1 , 3.1.2 , 3.1.3
Alert_actions.conf controls parameters for available alerting actions for scheduled searches.
To edit this configuration for your local Splunk server, make your edits in $SPLUNK_HOME/etc/bundles/local/alert_actions.conf.
You can create this file by copying examples from $SPLUNK_HOME/etc/bundles/READMEalert_actions.conf.example.
Never edit files in our default bundle in $SPLUNK_HOME/etc/bundles/default or your changes may be overwritten in an upgrade.
# This file contains possible values for specific properties of email and rss
# tsaved search action/alert in actions.conf file
[<email saved search action>]
from = <string>
* Email address from where the email is coming from
subject = <string>
* By default the subject is SplunkAlert-<splunkname>.
* You can use this to specify an alternative email subject
format = <string>
* Specify the format of the text in the email.
* Possible values include: plain, html and csv.
* The value for will also apply to any attachments as well as the text of an email.
[rss saved search action]
items_count = <number>
* Threshold of how many rss feeds will be saved