Alert Manager Enterprise - Event Results are not s...

Nithiya1

Hello,

I have encountered an issue with the Alert Manager Enterprise application.

Alerts are getting triggered and can see the events in AME. But couldn't find event results in Data Tab.

Could see below error when click on events:

Failed to parse search results

Retrieving workflow actions failed. Please check your connection and your permissions.

Do you have any suggestion for how to get data here?

Thank you

Nithiya1

I could see below error

error="12 validation errors for NotificationScheme flows.trigger_condition.MatchComposite.conditions.0.MatchComposite.composite_type Field required [type=missing, input_value={'component_type': 'leaf'...lue': 'ame.status_name'}, input_type=dict] For further information visit https://errors.pydantic.dev/2.5/v/missing

Any idea how to fix it?

gcusello

Hi @Nithiya1 ,

what is the sharing level of your alerts?

to be visible in Alert Manager, they must be Global.

Ciao.

Giuseppe

Nithiya1

Hello @gcusello

I have changed sharing level to Global. But still i couldn't see results under data tab.

Nithiya1

Any update here please?

Thanks in Advance!!

Alert Manager Enterprise - Event Results are not showing in Data tab

other

troubleshooting

What the End of Support for Splunk Add-on Builder Means for You

Solve, Learn, Repeat: New Puzzle Channel Now Live

Building Reliable Asset and Identity Frameworks in Splunk ES

Are you a member of the Splunk Community?