Solved: Where can I set the app context in the Incident Se...

Plotkowski · ‎11-18-2015

Hi,

Where can I set the App context in the incident settings on Alert Manager 2.0 with Splunk 6.3?

I can only see the alarms from the Search app, not from other apps like DMC. and there is no option to change the app context.

Simon · ‎11-18-2015

Hi
The context doesn't need to be selected explicitly anymore. In the incident settings, alarms get listed with the following criteria from all apps whether it's sharing is app only or global:

The Custom Alert Action is enabled
The alarm is not private

Can you double-check if your alarm meets the criteria above?
Thanks,
Simon

View solution in original post

Simon · ‎11-18-2015

Hi
The context doesn't need to be selected explicitly anymore. In the incident settings, alarms get listed with the following criteria from all apps whether it's sharing is app only or global:

The Custom Alert Action is enabled
The alarm is not private

Can you double-check if your alarm meets the criteria above?
Thanks,
Simon

Plotkowski · ‎11-23-2015

Thank you that was the problem. After upgrading we still had only the script-action under "actions" and not the custom alert action. After we enabled it in the actions the alarm showed up under incident settings.

Where can I set the app context in the Incident Settings on the Alert Manager 2.0 app with Splunk 6.3?

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases