Splunk Cloud Platform
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

AME not showing alerts in app

HopyardMiner
New Member
‎06-06-2025 07:37 AM

I have successfully setup AME and tested the tenant connection and get back connector is healthy.  I can also send test event from the tenant setup page and can see it in the default index.  If I go to events there is not test not any of the alerts I have configured to send to AME even though I can see them in the traditional triggered alerts as they are still configured as well.  Looking in _internal I do see the below error:

2025-06-06T11:24:06.612+00:00 version=3.4.0 log_level=ERROR pid=1615220 s=AbstractHECWrapper.py:send_chunk:304 uuid=***************** action=sending_event reason="[Errno 111] Connection refused"

Seems to suggest there is an issue with HEC, but the tenant shows green/healthy and the test comes to the index.  Any assistance would be appreaciated.

Also, if I create an event from the Events page, that does show up in the app:  

HopyardMiner_0-1749220532662.png

 

Labels (2)
Labels
Tags (1)
0 Karma
Reply

seiimonn
New Member
‎06-07-2025 07:01 AM

Hi!

If the logs produced by AME can not be sent to the index, you will not get any alert data when expanding events.

It would be easiest if you could open a support case in our support portal and provide the output of the following search as a CSV export.

index=_internal source=*ame* ERROR | table _time host source _raw

 

Regards,
Simon

0 Karma
Reply

HopyardMiner
New Member
‎06-06-2025 08:32 AM

Seeing events now.  The default template needed a notification assigned and that notification needed to be defined as there was none.  The error mentioned above is still showing but am not sure if it is causing any seen issues.

0 Karma
Reply
Get Updates on the Splunk Community!

🌟 From Audit Chaos to Clarity: Welcoming Audit Trail v2

🗣 You Spoke, We Listened  Audit Trail v2 wasn’t written in isolation—it was shaped by your voices.  In ...

Splunk New Course Releases for a Changing World

Every day, the world feels like it’s moving faster with new technological breakthroughs, AI innovation, and ...

Insights from .conf 2025, Smart Edge Processor Scaling, and a New Splunk Lantern ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...