alertmanager / alert_manager

Splunk Alert Manager with advanced reporting on alerts, workflows (modify assignee, status, severity) and auto-resolve features

"Doedit" feature in new version of Alert Manager is not working. #233

Open ThreatHunterDiary opened 5 years ago

ThreatHunterDiary commented 5 years ago

Hi @simcen,

I have upgraded to the newest version of Alert Manager, 2.3.0, from 2.1.4 in an Indexer and Search Head Cluster environment with 3 search heads and 1 indexer.

But after upgrading to the new Alert Manager I am not able to close/edit any of the alerts. Only the bulk edit option is working, but in that the selection is also not available.

Any workaround?

ThreatHunterDiary commented 5 years ago

Hey @simcen @my2ndhead

Still stuck here. I tried downgrading the Alert Manager as well, but if I do so, all the older triggered alerts data is not visible afterwards.

Any suggestions?

agentsofshield commented 5 years ago

I had the same problem: when I tried to edit an alert, the status selection was disabled and I couldn't save the changes. I figured out that the problem was with the alerts_status KV lookup; Splunk didn't like true or false values inside the lookup fields, so I changed them to 0 and 1 accordingly and it worked!

ThreatHunterDiary commented 5 years ago

@agentsofshield My whole alerts_status lookup file is empty! :/