Issue with Alert Manager Add-On for Splunk Cloud?

rdiazalo
Observer

Hi,

I got an issue configuring alert manager app. The incident posture filter is not working.

rdiazalo_0-1668764760203.png

It does not matter what info I change inside the red box. The alerts that are shown below do not change at all.

Any help would be appreciated.

0 Karma

rohe
Observer

Hi @gcusello ,

What could be the problem for me?

I can't define a user

Bildschirmfoto 2023-01-22 um 09.18.33.png

Bildschirmfoto 2023-01-22 um 09.19.37.png

0 Karma

gcusello
Esteemed Legend

Hi @rohe,

sorry I didn't see this error.

Could you please share a screenshot in English? You can do this by replacing the language in the link with "en-US".

Ciao.

Giuseppe

0 Karma

gcusello
Esteemed Legend

Hi @rdiazalo,

to see alerts in Alert Manager, you have to configure all your alerts as Global, otherwise you don't see them in this App.

If you found some error in JS execution, there's a message that you can find on the GitHub site.

Ciao.

Giuseppe

 

0 Karma

rdiazalo
Observer

Hi @gcusello

All the alerts are in global.

rdiazalo_0-1668765584664.png

I can see all the alerts on the dashboard. What I cannot do is filter them. If I choose to just see the ones with new status, it still shows me all the alerts. In this example I select to just see critical alerts in the last 24 hours but it still shows me all alerts of the last 24 hours.

rdiazalo_1-1668765898809.png

 

0 Karma

gcusello
Esteemed Legend

Hi @rdiazalo,

it's strange, I don't have your behaviour:

gcusello_0-1668766915534.png

and the only customization I did was the Global sharing.

Which version are you using? I'm using 3.0.11.

Ciao.

Giuseppe

0 Karma

rdiazalo
Observer

These are the versions of Alert Manager that I have:

rdiazalo_0-1668768008519.png

 

I ran a health test and found that TA-alert_manager got a warning.

rdiazalo_1-1668768242557.png

What version of Alert Manager Add-on do you have?

 

0 Karma

gcusello
Esteemed Legend

Hi @rdiazalo,

I don't have the Add-On.

Ciao.

Giuseppe

0 Karma

rdiazalo
Observer

Hi @gcusello ,

I have performed a restart today to delete the Alert Manager Add-On but the filter still doesn't work.

Did you change any query or something for it to work?

Regards 

0 Karma

gcusello
Esteemed Legend

Hi @rdiazalo,

No I didn't, the only customization was the Global sharing for all alerts.

Ciao.

Giuseppe

0 Karma

rdiazalo
Observer

Hi @gcusello ,

I found what the issue was. 

I had an issue importing the query.

Can you send me your Search String? I think that my query still has some issues. So I would like to compare mine with yours.

rdiazalo_0-1670406783255.png

Regards,

0 Karma