Solved: Alert Manager -- Does anyone have this app working...

jamesklassen · ‎04-12-2021

So this app looks amazing and exactly what my team needs, but I can NOT get this thing working. Has anyone out there in the community managed to run this thing successfully? It's just been one problem after another and I don't think I'm getting anywhere.

Right now I think I've narrowed the issue to a line in the "alert_manager_scheduler.log" in splunk/var/log, which states: ...message="No saved searches found in system, skipping..."(alert_manager_scheduler.py:86)

Additionally, there is no data in my alerts index...which is what I had set as the index in Global Settings.

Note that I'm on Windows, and in an offline (no internet) environment.

The app in question is here: Alert Manager | Splunkbase

Documentation here: Introduction - Alert Manager

jamesklassen · ‎04-16-2021

I completely missed a step. I've got it working now.

For anyone else who is in a similar situation in the future, you need to add the 'Alert Manager' Triger Action to your existing alerts before they'll feed into Alert Manager. I had unfortunately just assumed that all my existing alerts would magically appear in the 'Alert Manager' dashboard.

View solution in original post

jamesklassen · ‎04-16-2021

I completely missed a step. I've got it working now.

For anyone else who is in a similar situation in the future, you need to add the 'Alert Manager' Triger Action to your existing alerts before they'll feed into Alert Manager. I had unfortunately just assumed that all my existing alerts would magically appear in the 'Alert Manager' dashboard.

Alert Manager -- Does anyone have this app working?

configuration

Observability | How to Think About Instrumentation Overhead (White Paper)

Cloud Platform | Get Resiliency in the Cloud Event (Register Now!)

The Great Resilience Quest: 10th Leaderboard Update