Alert Manager: Why are Triggered Alerts not showing in the Incident Settings of the app?

leonheart78
Explorer

I have installed the Alert Manager app and triggered an Alert through my savedsearch. I have ensured that the permission of the Alert is set to Global, and Read permission to All Apps and Everyone.

However, I'm unable to see any triggered alerts in the Alert Manager App. Please help.


korstiaan
Explorer

Hi, I think you have 2 options at the moment. If you have Splunk 6.3, download the new app:
https://splunkbase.splunk.com/app/2665/#/overview
The new app, in combination with Splunk 6.3, uses alert actions; this is a lot easier to set up.

If you are still on the old Alert Manager app or on Splunk < 6.3, make sure you read this part about the installation: https://github.com/simcen/alert_manager#installation
Basically, you have to create a link between the .py script from Alert Manager and the script directory of Splunk so that the alert script will catch the new alerts.
Hope this helps.
