Re: Alert Manager functionality not working in sea...

sandyIscream · ‎11-16-2017

We have implemented Alert manager in our prod environment.

The problem we are facing is that when we try to assign the alerts to a user in Splunk it is not working whereas when we try to do the same thing from the other search head it's getting assigned properly.

I checked the replication bundle status, artifacts count but didn't find any clue as to why this is happening.

Can someone explain as to why this is happening.

nawazns5038 · ‎03-12-2019

Alert manager started working only after I changed the permissions of the alert to App rather than private.
Check permissions of the alerts

jkat54 · ‎01-27-2019

Check for kvstore issues by searching

index=_internal sourcetype=mongod log_level=error

Correct any errors you see.

Also If you have a newer version of splunk there is a “Search Head Clustering” link in the settings drop down. It might have some clues too.

davpx · ‎01-25-2019

You should ask simon@balz.me who created this.

sudosplunk · ‎07-30-2018

Hello,

Not sure if you were able to fix this but are you using "Alert Manager" app from splunkbase? If yes, what is the version of the app?
Looks like the new version 2.2.2 has enhanced support for search head cluster.

Alert Manager functionality not working in search head clsuter environment

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Network to App: Observability Unlocked [May & June Series]

SPL2 Deep Dives, AppDynamics Integrations, SAML Made Simple and Much More on Splunk ...

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Join the Conversation