All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Alert Manager: How do I get the "tags" field populated?

daniel333
Builder
‎04-25-2016 09:51 PM

All,

Just playing around with the Alert Manager app from Splunkbase. Not sure how I get the "tags" field populated? It's not a tags.conf field it seems? Seems it gathered somehow in the data model?

thanks!

Reply

Simon
Contributor
‎04-25-2016 10:50 PM

Hi daniel

You already gave the answer yourself.
For all the other folks:
Besides the custom alert settings, which can't be changed after an incident has been generated, there are some addition properties which can be changed by alert under Settings -> Incident Settings. These settings apply also for already existing incidents, that's why they are separated from the general alert action settings.

Hope that answers your question.
Simon

0 Karma
Reply

Simon
Contributor
‎04-25-2016 10:48 PM

Hi Daniel
I'm afraid it's not possible but this is a great idea!
I just created an enhancement request. Have a look at https://github.com/simcen/alert_manager/issues/123 to track progress.

Thanks
Simon

0 Karma
Reply

daniel333
Builder
‎04-25-2016 10:09 PM

Oh! i see it's an option under incident settings in the GUI. Is there a way to generate this value from my search?

0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...