Join the Conversation
- Find Answers
- :
- Apps & Add-ons
- :
- All Apps and Add-ons
- :
- All Apps and Add-ons
- :
- Re: Alert Manager: Why is the Incident Posture das...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
I've installed the Alert Manager App on my search head and the TA on my search head and indexers. Fired alerts were coming into the Incident Posture dashboard just fine. I could see the alerts and update/assign them. Then it just seemed to stop working. I can't see any alerts in the lower portion of the Incident Posture dashboard now. I can only see the upper portion of the Dashboard (where trending information and "recent incident" drop-downs are displayed)
The alerts are there (i.e. I can see them when I go to Reports->Incident Export. However, there seems to be an issue with seeing them via the Incident Posture dashboard itself. When I edit the panels, the "Alert Results" portion of the dashboard reads "Search is waiting for input..."
Any guidance would be appreciated!
Thank you....
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
To answer my own question, something must have been malfunctioning in the TA. I ended up re-installing and I'm back up and running again.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I had the EXACT same problem. The app worked fine for about a month and then one day incidents just stopped appearing in the Incident Posture dashboard. Bizarre. I too resolved the issue by reinstalling the add-on. I also reinstalled the app.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
To answer my own question, something must have been malfunctioning in the TA. I ended up re-installing and I'm back up and running again.
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
May 2026 Splunk Expert Sessions: Security & Observability
Network to App: Observability Unlocked [May & June Series]
SPL2 Deep Dives, AppDynamics Integrations, SAML Made Simple and Much More on Splunk ...
