Not see fields that I set on in Incident Settings;...

test_qweqwe · ‎04-24-2018

Hi, again.
I do not see fields that I set on in tab "Incident Settings".
http://prntscr.com/j9lasr
http://prntscr.com/j9lbcc

Or where I can see that?

And not working Alert Results in tab "Incident Posture"
http://prntscr.com/j9l6xe
What do I have to see there?

c_boggs · ‎10-12-2018

I know this is an old post, but I was having the same issue and came to realize that the app context and resulting permissions of the alert I had created was not allowing the alert_manager app to read the search results.

It would insert the "incident" just fine, but never show me fields from the incident result (by default it should display them all).

Once I cloned the alert to the alert_manager app context and made sure it was shared within the app, it worked great.

my2ndhead · ‎06-01-2018

Check that "Save incident results to KVStore" is enabled under Settings -> Global Settings

test_qweqwe · ‎04-26-2018

BUMP! UP! 🙂

p_gurav · ‎04-26-2018

What app version you are using?

test_qweqwe · ‎04-26-2018

Alert Manager 2.2.2
Splunk 7.0.3

Not see fields that I set on in Incident Settings; Not working Alert Results in Incident Posture

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!