Running Alert Manager 2.1.4 + Alert Manager Add-on 2.1.1 on Splunk Enterprise 6.5.2.
Frequently when I click on an event I get No results found. in Alert Results.
I've tried clicking on a couple events created by the same alert and for some alerts I get results but for most I don't.
I've tried using | loadincidentresults dbb2f73c-a016-4f9a-988d-4cd9f9bedb73 with different incident_id and had the same results.
| loadincidentresults dbb2f73c-a016-4f9a-988d-4cd9f9bedb73
I think there may be some type of issue when Alert Manager tries to save the triggered alerts to Splunk kvstore.
Do you have any troubleshooting steps I can follow?
Thanks for your help,
well probably not the best answer but you can check ( and edit be careful!!) the kv store tables very easily with this app
now beyond that I would say make sure the alert manager users are set up and have been given the alert manager and alert manager admin roles as needed