Alerting

Alert manager app - No alerts indexed...

clementros
Path Finder

Hi,

I have installed alert manager app and followed documentation for installation.

I have splunk 7.2.4 on a single instance server and Alert manager 2.2.0 add-on. I also installed Python for scientific Computing in Splunk.

After this steps i created an index in my splunk instance :

|    Name    |    Type    |           App           |    Current Size    |    Max Size    |
|   alerts   |   Events   |      alert_manager      |         1MB        |      500GB     |

In the alert manager apps Settings > Global Settings menu, i applied the following configuration :

Globals

Index: alerts
Default Owner: unassigned
Default Priority: low
Number of incidents show in incident posture: 20

- Save incident results to KVStore (checked)
- Index incident results (Not checked)
- Automatically close informational events (Not checked)

Status to use for automatically closed informational events: auto_info_resolved

Alert Action Defaults

Impact: low
Urgency: low

After applied this configuration, i went in my Machine learning toolkit splunk application and i generate an alert with parameter Trigger Actions:

When triggered : 

- Add to Triggered Alerts
- Alert Manager

Title: Test
Impact: low
Urgency: low
Owner: Unassigned

But with all this configuration nothing appear in the alerts index and in the alert manager dashboard.

Any idea ?

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...