Closed TWFpa2Vs closed 8 years ago
simcen
commented
8 years ago Hi Thanks for the report. Can you double-check the "alerts" index manually at the time when the new incident should have been created, if there are any entries? Also alert_manager.log from that period would help me to analyze. Thanks Simon
simcen
commented
8 years ago Do you have any feedback on my latest comment?
TWFpa2Vs
commented
8 years ago Hi Simcen, we stopt using Alert Manager because of the inconsistent results and i have deleted all the data.
simcen
commented
8 years ago Sorry to hear that. Have a look at the recent version released, they contain tons of bugfixes and also we've updated the documentation at http://docs.alertmanager.info If there's any chance to get the app back in, let me know if I can support you. Thanks again for the interest. Simon
Yesterday i noticed the following, we are using alert manager for all our triggered alerts, but yesterday a incident was closed but a new one was not created. we use the function to close tickets if they are not changed.
_time user action details comment 2016-01-27 15:23:23.386 splunk-system-user auto_previous_resolve Incident resolved by system (because of a new incident)
2016-01-27 15:21:17.893 splunk-system-user change status has been changed from 'new' to 'auto_assigned'
2016-01-27 15:21:17.885 splunk-system-user change owner has been changed from 'unassigned' to 'Maikel'
2016-01-27 15:21:16.052 splunk-system-user create Incident created
the new incident was not created, we did not see this behavior on other days so is seems like a glitch if you need any more info please let me know.