All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Alert Manager: Why are no alerts showing up in a cloned Incident Posture dashboard?

Moonveil
Explorer
‎10-17-2016 10:46 AM

Hello,

I wanted to play around with Incident Posture without modifying the original, so I created a clone of the dashboard. However, I am having issues getting the alerts to display properly in the clone. The alerts show up just fine in the original incident posture dashboard, and I haven't made any code modifications in the clone, so I'm not sure why that is.

I can only see the top half in the cloned dashboard, (the part with trending information and the dropdowns/filters for "Recent Incidents"), but the alerts that should show up in the bottom half is just blank. I don't see any errors printed in the console, and if I select "Edit Panels" and look at the search string, it is exactly the same as the one in the original.

Is there something hardcoded in the javascript files that I need to change in order for the alerts to be populated in cloned dashboards? Any help on this matter is greatly appreciated.

Thank you.

Reply
1 Solution
Solved! Jump to solution
Solution

Moonveil
Explorer
‎10-17-2016 11:39 AM

To answer my own question, the issue is caused by the "Incident ID", "Title", and "Freeform Filter" fields. After checking Activity > Jobs, it looks like in the original dashboard, the token values are applied automatically when the search is run, so you'll see the alerts even if you leave those three fields blank. However, this is not the case for cloned dashboards.

To get the alerts to show up, just set * as the default value for those three fields, or type it in manually and the alerts should display properly.

View solution in original post

Reply
Solved! Jump to solution
Solution

Moonveil
Explorer
‎10-17-2016 11:39 AM

To answer my own question, the issue is caused by the "Incident ID", "Title", and "Freeform Filter" fields. After checking Activity > Jobs, it looks like in the original dashboard, the token values are applied automatically when the search is run, so you'll see the alerts even if you leave those three fields blank. However, this is not the case for cloned dashboards.

To get the alerts to show up, just set * as the default value for those three fields, or type it in manually and the alerts should display properly.

Reply
Get Updates on the Splunk Community!

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...

Introducing the 2024 Splunk MVPs!

We are excited to announce the 2024 cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...

Splunk Custom Visualizations App End of Life

The Splunk Custom Visualizations apps End of Life for SimpleXML will reach end of support on Dec 21, 2024, ...