alertmanager / alert_manager

Splunk Alert Manager with advanced reporting on alerts, workflows (modify assignee, status, severity) and auto-resolve features

alert_handler.py #122

Closed GitMje closed 8 years ago

GitMje commented 8 years ago

First off, thank you for creating this app, it looks very nice. Unfortunately, I have not been able to get it to run. The instructions from the readme.md say to: cd $SPLUNK_HOME/bin/scripts && ln -s ../../etc/apps/alert_manager/bin/alert_handler.py alert_handler.py

but the alert_handler.py was recently removed from version control about 10 days ago. I'm not sure if the documentation is simply out of date or if the code has an issue. Note that the example app "Alert Manager Demo Data" still has alerts configured to use the alert_handler.py script.

I'm probably doing something else wrong as I'm getting " Error in 'lookup' command: The lookup table 'incidents' does not exist." but I wanted to make you aware of the code/readme.md mismatch.

Thanks for creating and maintaining this project. I am excited about the prospect of getting it running on my end soon.

Best regards,

Michael

simcen commented 8 years ago

Hi Michael

Thanks a lot for your feedback and interest in our app. May I ask which Splunk version you're running on? Since version 2.0 of the Alert Manager, the basic installation has changed from a scripted alert action (using the symbolic link) to the Custom Alert Action framework introduced in Splunk v6.3 (http://docs.splunk.com/Documentation/Splunk/6.3.0/Alert/CreateCustomAlerts). So that means, to enable the Alert Manager for an alert, just go to the alerts view (e.g. http://yoursplunkserver:8000/en-US/app/search/alerts or in the app where your alert is saved), click Edit -> Edit Actions -> "+ Add Actions" and add "Alert Manager" from the list. Fill in the options and hit save. Switch back to the Alert Manager and configure additional details in the "Incident Settings" view under the "Settings" menu item.

Also have a look at our new documentation with additional setup instructions: http://docs.alertmanager.info/Documentation/AlertManager/latest/AlertManager/ConfigureAlerts

I also recommend that you use the app version hosted at Splunkbase (https://splunkbase.splunk.com/app/2665/) instead of any GitHub branch, as the Splunkbase version is always cleaned.

Does that help?

Best, Simon
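The switch Simon describes, from a symlinked scripted alert to a Custom Alert Action, changes how the handler receives its input: Splunk runs the action's bin script with `--execute` and hands it one JSON payload on stdin instead of positional arguments. The skeleton below is an added example and not alert_manager's own alert_handler.py or any code from the project; the payload field names (`sid`, `search_name`, `app`, `owner`, `result`, `configuration`, `session_key`, ...) follow Splunk's Custom Alert Action documentation, while the `severity` and `assignee` options, the incident record layout and the sample payload are constructed for illustration.

```python
#!/usr/bin/env python
"""Skeleton custom alert action handler (added illustration, not alert_manager's own script).

Splunk invokes a custom alert action as `<script> --execute` and writes one
JSON payload to its stdin. The top-level field names used here are the ones
the Custom Alert Action framework documents; the `severity` / `assignee`
options under "configuration" and the incident layout are assumptions.
"""
import json
import sys

REQUIRED_FIELDS = ("sid", "search_name", "app", "owner", "result", "configuration")
SEVERITIES = ("informational", "low", "medium", "high", "critical")


def parse_payload(raw):
    """Decode the JSON payload and check that every documented field is present."""
    payload = json.loads(raw)
    missing = [f for f in REQUIRED_FIELDS if f not in payload]
    if missing:
        raise ValueError("payload missing fields: %s" % ", ".join(missing))
    return payload


def build_incident(payload):
    """Turn a validated payload into the incident record an alert manager would store.

    "configuration" carries the param.* values the user filled in under
    Edit Actions -> Alert Manager; an unknown severity falls back to 'medium'.
    The session_key is an API credential and is deliberately not copied into
    the record, so it never ends up in an index or a log file.
    """
    conf = payload["configuration"]
    severity = conf.get("severity", "medium")
    if severity not in SEVERITIES:
        severity = "medium"
    return {
        "sid": payload["sid"],
        "search_name": payload["search_name"],
        "app": payload["app"],
        "owner": payload["owner"],
        "severity": severity,
        "status": "new",
        "assignee": conf.get("assignee", "unassigned"),
        "result": payload["result"],
    }


# Constructed sample payload, shaped like what Splunk sends for one triggered alert.
SAMPLE_PAYLOAD = json.dumps({
    "sid": "scheduler__admin__search__example_at_1500000000_1",
    "search_name": "Failed logins over threshold",
    "app": "search",
    "owner": "admin",
    "results_link": "http://yoursplunkserver:8000/app/search/@go?sid=example",
    "server_uri": "https://127.0.0.1:8089",
    "session_key": "EXAMPLE-SESSION-KEY-NOT-REAL",
    "result": {"user": "svc_backup", "count": "57", "src": "10.0.0.12"},
    "configuration": {"severity": "high", "assignee": "soc-l1"},
})


def main(argv=sys.argv, stdin=sys.stdin):
    """Entry point mirroring the --execute contract; returns the process exit code."""
    if len(argv) < 2 or argv[1] != "--execute":
        sys.stderr.write("FATAL expected --execute\n")
        return 1
    try:
        incident = build_incident(parse_payload(stdin.read()))
    except (ValueError, KeyError) as err:
        sys.stderr.write("ERROR %s\n" % err)
        return 2
    # A real handler would write the incident to a KV store collection or index;
    # here it is echoed so the script can be exercised from a shell.
    sys.stdout.write(json.dumps(incident) + "\n")
    return 0


if __name__ == "__main__":
    sys.exit(main())
```

To try it outside Splunk, pipe the sample payload in: `python alert_action_example.py --execute <<< "$SAMPLE_JSON"`. The script is registered with Splunk through a stanza in the app's alert_actions.conf (with `is_custom = 1` and `payload_format = json`), which is what makes "Alert Manager" appear in the "+ Add Actions" list; no symbolic link under $SPLUNK_HOME/bin/scripts is involved any more.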

GitMje commented 8 years ago

Simon, The link to http://docs.alertmanager.info/Documentation/AlertManager/latest/AlertManager/ConfigureAlerts is very helpful. Thank you for the assistance.

Best regards,

Michael

simcen commented 8 years ago

Glad I was able to help. Feel free to reopen this case when you have additional issues.

Cheers, Simon