Alerting
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Newly added Splunk alert action doesn't show in Alert

wendtb
Path Finder
‎05-15-2019 09:56 AM

I have just added 2 new alert actions in Splunk. I verified that the permissions on the alert action are read for everyone, and the app for that alert action is shared to everything. I am unable to see the alert actions in an alert that is already configured.

The alert actions are being distributed via deployment server to two search heads.

What am I missing?

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

wendtb
Path Finder
‎05-22-2019 08:09 AM

This was resolved with help from the Splunk slack channel.

I had to import the app into ES in order for the alert action to show up for ES alerts. This only applies to ES versions 5.2.2 or before.

Reference Document: https://docs.splunk.com/Documentation/ES/5.2.2/Install/ImportCustomApps

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

wendtb
Path Finder
‎05-22-2019 08:09 AM

This was resolved with help from the Splunk slack channel.

I had to import the app into ES in order for the alert action to show up for ES alerts. This only applies to ES versions 5.2.2 or before.

Reference Document: https://docs.splunk.com/Documentation/ES/5.2.2/Install/ImportCustomApps

0 Karma
Reply
Solved! Jump to solution

koshyk
Super Champion
‎05-20-2019 08:51 AM

Are the search heads, standalone search heads? If it is Clustered, then Deployment-server is NOT the method to deploy apps to SHC

if it is standalone Search Heads, please run a btool on the Search Head to see if which app owns the alerts and ensure the permissions are correct in SH

/opt/splunk/bin/splunk cmd btool alert_actions list --debug > /tmp/alert_actions.btool.txt

cheers

0 Karma
Reply
Solved! Jump to solution

wendtb
Path Finder
‎05-20-2019 09:14 AM

What am I looking for in the alert_actions.conf that tells me which app owns the alerts? I don't see anything specifically referring to ownership.

These are also standalone search heads.

0 Karma
Reply
Solved! Jump to solution

wendtb
Path Finder
‎05-20-2019 08:33 AM

I also tried direct install of the alert actions/app onto the Search Head, and I am having the same problem.

0 Karma
Reply
Get Updates on the Splunk Community!

Let’s Talk Terraform

If you’re beyond the first-weeks-of-a-startup stage, chances are your application’s architecture is pretty ...

Cloud Platform | Customer Change Announcement: Email Notification is Available For ...

The Notification Team is migrating our email service provider. As the rollout progresses, Splunk has enabled ...

Save the Date: GovSummit Returns Wednesday, December 11th!

Hey there, Splunk Community! Exciting news: Splunk’s GovSummit 2024 is returning to Washington, D.C. on ...