All Apps and Add-ons
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Alerts Manager app not showing any incidents or alerts from my ES environment

ezmo1982
Path Finder
‎03-26-2021 11:03 AM

Hi 

I installed the Alerts Manager app as I was hoping to have better features to view and manage my incidents and alerts in enterprise security. I installed the app (id:2665) and the add-on (id3665) to my SH, created a new index named alerts and completed the set up. 

However there are no Incidents or Alerts showing in any of the dashboards. My understanding was that this app would pull the incidents/alerts from ES so I can manage them? But nothing is showing

In the app, i can create a new incident no problem and can see it being added to the new "alerts" index, but this isn't much use to me.

Is there something im missing here regarding this app or its purpose??

Thanks

Labels (1)
Labels
0 Karma
Reply

jamesklassen
Path Finder
‎04-12-2021 11:16 AM

Hi there, did you get it working? I'm also having difficulties with this app.

0 Karma
Reply

ezmo1982
Path Finder
‎04-14-2021 09:00 AM

No, havnt got it working yet. Cant find a way for the app to display Enterprise Security alerts.

0 Karma
Reply

jamesklassen
Path Finder
‎04-16-2021 08:32 AM

So I fixed it in my environment. I incorrectly assumed that all existing alerts would get pulled in and listed automatically on the 'Incident Posture' dashboard. But, I needed to add the 'Alert Manager' action for my existing triggered alerts first; once that was done, then those alerts would show up. 

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Search APIを使えば調査過程が残せます

   このゲストブログは、JCOM株式会社の情報セキュリティ本部・専任部長である渡辺慎太郎氏によって執筆されました。 Note: This article is published in both Japanese ...

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

 Splunk is More Than Just the Web Console For Digital Forensics and Incident Response (DFIR) practitioners, ...

Congratulations to the 2025-2026 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...