I had Splunk 6.4.0 and an older version of Alert Manager running. With the exception of the display issues, everything was running great.
I downloaded and installed the 2.0.5 version of Alert Manager and now the Incident Posture screen displays correctly, including counts and little line graphs, but no individual listing of the Alerts.
Also, is there another way to list these besides the Incident Posture screen? We really need to acknowledge these alerts ASAP!
Thanks!
Can you try to select "All" in the status filter? The single values count and display all incidents where the table below only lists incident matching the filter rules.
Thx for the feedback, will double-check that. But it did help that your incidents showed up again?
Yes, they now show up. Seems to be a combination of re-inputting the "*" in those 3 fields and selecting "ALL".
Thanks.
Sorry for the delay, I was out of the office for a few days.
Thanks for the suggestion, but I had already done this with no luck. Even with only the "ALL" filter in there it returned no results. So I decided to mess with the other fields....
It seems that I have to put a "*" into the last 3 fields manually for any results to show up now. I don't believe I had to do that in the previous version.