All Apps and Add-ons

Not see fields that I set on in Incident Settings; Not working Alert Results in Incident Posture

test_qweqwe
Builder

Hi, again.
I do not see fields that I set on in tab "Incident Settings".
http://prntscr.com/j9lasr
http://prntscr.com/j9lbcc

Or where I can see that?

And not working Alert Results in tab "Incident Posture"
http://prntscr.com/j9l6xe
What do I have to see there?

0 Karma

c_boggs
Explorer

I know this is an old post, but I was having the same issue and came to realize that the app context and resulting permissions of the alert I had created was not allowing the alert_manager app to read the search results.

It would insert the "incident" just fine, but never show me fields from the incident result (by default it should display them all).

Once I cloned the alert to the alert_manager app context and made sure it was shared within the app, it worked great.

0 Karma

my2ndhead
SplunkTrust
SplunkTrust

Check that "Save incident results to KVStore" is enabled under Settings -> Global Settings

test_qweqwe
Builder

BUMP! UP! 🙂

0 Karma

p_gurav
Champion

What app version you are using?

0 Karma

test_qweqwe
Builder

Alert Manager 2.2.2
Splunk 7.0.3

0 Karma
Get Updates on the Splunk Community!

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...