Re: Alert Manager: How do I get the "tags" field p...

daniel333 · ‎04-25-2016

All,

Just playing around with the Alert Manager app from Splunkbase. Not sure how I get the "tags" field populated? It's not a tags.conf field it seems? Seems it gathered somehow in the data model?

thanks!

Simon · ‎04-25-2016

Hi daniel

You already gave the answer yourself.
For all the other folks:
Besides the custom alert settings, which can't be changed after an incident has been generated, there are some addition properties which can be changed by alert under Settings -> Incident Settings. These settings apply also for already existing incidents, that's why they are separated from the general alert action settings.

Hope that answers your question.
Simon

Simon · ‎04-25-2016

Hi Daniel
I'm afraid it's not possible but this is a great idea!
I just created an enhancement request. Have a look at https://github.com/simcen/alert_manager/issues/123 to track progress.

Thanks
Simon

daniel333 · ‎04-25-2016

Oh! i see it's an option under incident settings in the GUI. Is there a way to generate this value from my search?

Alert Manager: How do I get the "tags" field populated?

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk

.conf24 | Personalize your .conf experience with Learning Paths!

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...