https://community.splunk.com/t5/Splunk-Enterprise/Splunk-Add-on-for-SolarWinds-Alerts-input-not-working/m-p/584550#M11535 <P>We resolved this issue ourselves.&nbsp; &nbsp; The needed Splunk logs&nbsp; for each SolarWinds Alert can be found at $SPLUNK_HOME/var/log/splunk. When looking at the solarwinds_alerts log,&nbsp; we noticed that the initial_start_time was set to the future --&nbsp; it was set to&nbsp;<SPAN>2022-02-28T00:00:00.0&nbsp; instead of 2022-01-28T00:00:00.0.&nbsp; We changed the&nbsp; initial_start_time to&nbsp;2022-01-28T00:00:00.0 in the GUI, restarted splunk, and tested again.&nbsp; Still no alerts being generated.&nbsp; &nbsp;We then rebooted the server and the alerts were still not being generated after reboot.&nbsp; &nbsp;When we looked at the log file again it kept identifying the original&nbsp; incorrect&nbsp;initial_start_time in the log though it was displayed correctly with a time of&nbsp;2022-01-28T00:00:00.0&nbsp;&nbsp;in the GUI.&nbsp; &nbsp;Finally, we created a new alert with the correct&nbsp;initial_start_time of&nbsp;2022-01-28T00:00:00.0 and everything worked.&nbsp; &nbsp;The original alert still does not work.</SPAN></P> Thu, 10 Feb 2022 15:46:22 GMT Splunking 2022-02-10T15:46:22Z https://community.splunk.com/t5/Splunk-Enterprise/Splunk-Add-on-for-SolarWinds-Alerts-input-not-working/m-p/583599#M11424 <P>We have a standalone Splunk Enterprise environment running Splunk 8.2.x.&nbsp; &nbsp;We have loaded the Splunk Add-on for SolarWinds&nbsp; (latest version -- just downloaded it about two weeks ago).&nbsp; &nbsp; We are trying to get all three SolarWinds inputs (Alerts, Query, Inventory) to work in the Splunk Add-on for SolarWinds.&nbsp; The Query and Inventory Inputs work fine but the Alerts are not working&nbsp; (we are getting no data returned even though SolarWinds is producing alerts on its console).&nbsp; My questions are these:</P><P>1.&nbsp; Has anyone else experienced this problem and found a solution?</P><P>2.&nbsp; Does anyone know which logs in either Splunk or SolarWinds that we can look at to help debug this issue?</P><P>Thanks for your help.</P> Thu, 03 Feb 2022 16:37:52 GMT https://community.splunk.com/t5/Splunk-Enterprise/Splunk-Add-on-for-SolarWinds-Alerts-input-not-working/m-p/583599#M11424 Splunking 2022-02-03T16:37:52Z https://community.splunk.com/t5/Splunk-Enterprise/Splunk-Add-on-for-SolarWinds-Alerts-input-not-working/m-p/584550#M11535 <P>We resolved this issue ourselves.&nbsp; &nbsp; The needed Splunk logs&nbsp; for each SolarWinds Alert can be found at $SPLUNK_HOME/var/log/splunk. When looking at the solarwinds_alerts log,&nbsp; we noticed that the initial_start_time was set to the future --&nbsp; it was set to&nbsp;<SPAN>2022-02-28T00:00:00.0&nbsp; instead of 2022-01-28T00:00:00.0.&nbsp; We changed the&nbsp; initial_start_time to&nbsp;2022-01-28T00:00:00.0 in the GUI, restarted splunk, and tested again.&nbsp; Still no alerts being generated.&nbsp; &nbsp;We then rebooted the server and the alerts were still not being generated after reboot.&nbsp; &nbsp;When we looked at the log file again it kept identifying the original&nbsp; incorrect&nbsp;initial_start_time in the log though it was displayed correctly with a time of&nbsp;2022-01-28T00:00:00.0&nbsp;&nbsp;in the GUI.&nbsp; &nbsp;Finally, we created a new alert with the correct&nbsp;initial_start_time of&nbsp;2022-01-28T00:00:00.0 and everything worked.&nbsp; &nbsp;The original alert still does not work.</SPAN></P> Thu, 10 Feb 2022 15:46:22 GMT https://community.splunk.com/t5/Splunk-Enterprise/Splunk-Add-on-for-SolarWinds-Alerts-input-not-working/m-p/584550#M11535 Splunking 2022-02-10T15:46:22Z https://community.splunk.com/t5/Splunk-Enterprise/Splunk-Add-on-for-SolarWinds-Alerts-input-not-working/m-p/680870#M18886 <P>Are you saying that the add-on is not worth using?</P> Fri, 15 Mar 2024 20:16:15 GMT https://community.splunk.com/t5/Splunk-Enterprise/Splunk-Add-on-for-SolarWinds-Alerts-input-not-working/m-p/680870#M18886 ilhwan 2024-03-15T20:16:15Z