All Apps and Add-ons

Drilldown Configurations not showing (don't work) in "Alert Manager" app

woodcock
Esteemed Legend

We deploying Alert Manager with a new client.

Most of my alerts have a "DRILLDOWN_URL" field which contains context-specific SPL.
I am trying to configure this to be a 1-click operation to run using "Drilldown Actions" but these do not work:

_keynamelabelurl
6169aad5005c277d3b3788d5Splunk search to show contributing events for this instance of this alertContributing Eventshttps://localhost:8000/en-US/app/alert_manager/search?q=$DRILLDOWN_SPL|u$
6169af6f005c277d3b3788d6Splunk search to show contributing events for this instance of this alertContributing_Events_2

https://localhost:8000/en-US/app/alert_manager/search?q=$DRILLDOWN_SPL$

 

 


I still get no drilldowns defined in the investigation screen.

Labels (2)
0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) v3.54.0

The Splunk Threat Research Team (STRT) recently released Enterprise Security Content Update (ESCU) v3.54.0 and ...

Using Machine Learning for Hunting Security Threats

WATCH NOW Seeing the exponential hike in global cyber threat spectrum, organizations are now striving more for ...

New Learning Videos on Topics Most Requested by You! Plus This Month’s New Splunk ...

Splunk Lantern is a customer success center that provides advice from Splunk experts on valuable data ...