Join the Conversation
- Find Answers
- :
- Apps & Add-ons
- :
- All Apps and Add-ons
- :
- All Apps and Add-ons
- :
- Alert Manager - Auto assign notifications
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi guys,
I'm quite new about alert manager app.
I'm trying to configure a notification for auto-assigned incidents, but it seems it doesn't work.
On incident posture dashboard new incidents are correctly assigned to the configured user but no messages arrive from the server.
If I try to change status to resolve or closed I get an email.
What I'm doing wrong?
Thanks for your help
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
these are the conditions before sending out the notification with the auto-assign user (alert_manager.py):
config['auto_assign_owner'] != ''
and config['auto_assign_owner'] != 'unassigned'
and incident_suppressed == False
and is_subsequent_resolved == False
and auto_info_resolved == False
and config['append_incident'] is Nonethe 4th and 5th lines are deprecated so we assume they are ok, the first 2 lines we assume ok as well because you assigned a user; so if the incident is not suppressed, the only one condition left is that you don't append identical incidents to the first one.
If that's the case, as it was mine, you must add a variable in the code as a workaround, to keep track of the append configuration and exclude the notification when you are in the events that are being appended and remove the
and config['append_incident'] is None
condition above, replacing it with something like is_appended == False (otherwise you receive a notification for every appended incident. You must declare and validate the variable in the code where it is checked if there is an incident to append to).
I didn't find any other solution at the moment.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
these are the conditions before sending out the notification with the auto-assign user (alert_manager.py):
config['auto_assign_owner'] != ''
and config['auto_assign_owner'] != 'unassigned'
and incident_suppressed == False
and is_subsequent_resolved == False
and auto_info_resolved == False
and config['append_incident'] is Nonethe 4th and 5th lines are deprecated so we assume they are ok, the first 2 lines we assume ok as well because you assigned a user; so if the incident is not suppressed, the only one condition left is that you don't append identical incidents to the first one.
If that's the case, as it was mine, you must add a variable in the code as a workaround, to keep track of the append configuration and exclude the notification when you are in the events that are being appended and remove the
and config['append_incident'] is None
condition above, replacing it with something like is_appended == False (otherwise you receive a notification for every appended incident. You must declare and validate the variable in the code where it is checked if there is an incident to append to).
I didn't find any other solution at the moment.
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
Unlocking Unified Insights: New Gigamon Federated Search App for Splunk
GA: New Data Management App in Splunk Platform
Announcing Modern Navigation: A New Era of Splunk User Experience
