Alert Manager functionality not working in search ...

sandyIscream · ‎11-16-2017

We have implemented Alert manager in our prod environment.

The problem we are facing is that when we try to assign the alerts to a user in Splunk it is not working whereas when we try to do the same thing from the other search head it's getting assigned properly.

I checked the replication bundle status, artifacts count but didn't find any clue as to why this is happening.

Can someone explain as to why this is happening.

nawazns5038 · ‎03-12-2019

Alert manager started working only after I changed the permissions of the alert to App rather than private.
Check permissions of the alerts

jkat54 · ‎01-27-2019

Check for kvstore issues by searching

index=_internal sourcetype=mongod log_level=error

Correct any errors you see.

Also If you have a newer version of splunk there is a “Search Head Clustering” link in the settings drop down. It might have some clues too.

davpx · ‎01-25-2019

You should ask simon@balz.me who created this.

sudosplunk · ‎07-30-2018

Hello,

Not sure if you were able to fix this but are you using "Alert Manager" app from splunkbase? If yes, what is the version of the app?
Looks like the new version 2.2.2 has enhanced support for search head cluster.

Alert Manager functionality not working in search head clsuter environment

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!