Alert Manager: Why is the Incident Posture dashboard not displaying alerts?

vanderaj1
Path Finder

Hello,

I've installed the Alert Manager App on my search head and the TA on my search head and indexers. Fired alerts were coming into the Incident Posture dashboard just fine. I could see the alerts and update/assign them. Then it just seemed to stop working. I can't see any alerts in the lower portion of the Incident Posture dashboard now. I can only see the upper portion of the dashboard (where trending information and "recent incident" drop-downs are displayed).

The alerts are there (i.e., I can see them when I go to Reports->Incident Export). However, there seems to be an issue with seeing them via the Incident Posture dashboard itself. When I edit the panels, the "Alert Results" portion of the dashboard reads "Search is waiting for input..."

Any guidance would be appreciated!

Thank you....

0 Karma
1 Solution

vanderaj1
Path Finder

To answer my own question, something must have been malfunctioning in the TA. I ended up re-installing and I'm back up and running again.

0 Karma

dgillette3
Explorer

I had the EXACT same problem. The app worked fine for about a month and then one day incidents just stopped appearing in the Incident Posture dashboard. Bizarre. I too resolved the issue by reinstalling the add-on. I also reinstalled the app.

0 Karma
