Alert Manager: Why is the Incident Posture dashboard not displaying alerts?

vanderaj1
Path Finder

Hello,

I've installed the Alert Manager App on my search head and the TA on my search head and indexers. Fired alerts were coming into the Incident Posture dashboard just fine. I could see the alerts and update/assign them. Then it just seemed to stop working. I can't see any alerts in the lower portion of the Incident Posture dashboard now. I can only see the upper portion of the Dashboard (where trending information and "recent incident" drop-downs are displayed).

The alerts are there (i.e. I can see them when I go to Reports->Incident Export). However, there seems to be an issue with seeing them via the Incident Posture dashboard itself. When I edit the panels, the "Alert Results" portion of the dashboard reads "Search is waiting for input..."

Any guidance would be appreciated!

Thank you....

0 Karma
1 Solution

vanderaj1
Path Finder

To answer my own question, something must have been malfunctioning in the TA. I ended up re-installing and I'm back up and running again.

0 Karma

dgillette3
Explorer

I had the EXACT same problem. The app worked fine for about a month and then one day incidents just stopped appearing in the Incident Posture dashboard. Bizarre. I too resolved the issue by reinstalling the add-on. I also reinstalled the app.

0 Karma
