All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Alerts Manager app not showing any incidents or alerts from my ES environment

ezmo1982
Path Finder
‎03-26-2021 11:03 AM

Hi 

I installed the Alerts Manager app as I was hoping to have better features to view and manage my incidents and alerts in enterprise security. I installed the app (id:2665) and the add-on (id3665) to my SH, created a new index named alerts and completed the set up. 

However there are no Incidents or Alerts showing in any of the dashboards. My understanding was that this app would pull the incidents/alerts from ES so I can manage them? But nothing is showing

In the app, i can create a new incident no problem and can see it being added to the new "alerts" index, but this isn't much use to me.

Is there something im missing here regarding this app or its purpose??

Thanks

Labels (1)
Labels
0 Karma
Reply

jamesklassen
Path Finder
‎04-12-2021 11:16 AM

Hi there, did you get it working? I'm also having difficulties with this app.

0 Karma
Reply

ezmo1982
Path Finder
‎04-14-2021 09:00 AM

No, havnt got it working yet. Cant find a way for the app to display Enterprise Security alerts.

0 Karma
Reply

jamesklassen
Path Finder
‎04-16-2021 08:32 AM

So I fixed it in my environment. I incorrectly assumed that all existing alerts would get pulled in and listed automatically on the 'Incident Posture' dashboard. But, I needed to add the 'Alert Manager' action for my existing triggered alerts first; once that was done, then those alerts would show up. 

0 Karma
Reply
Register for .conf25!
Get Updates on the Splunk Community!

Why You Can't Miss .conf25: Unleashing the Power of Agentic AI with Splunk & Cisco

The Defining Technology Movement of Our Lifetime The advent of agentic AI is arguably the defining technology ...

Deep Dive into Federated Analytics: Unlocking the Full Power of Your Security Data

In today’s complex digital landscape, security teams face increasing pressure to protect sprawling data across ...

Your summer travels continue with new course releases

Summer in the Northern hemisphere is in full swing, and is often a time to travel and explore. If your summer ...