search

alertmanager / alert_manager

Splunk Alert Manager with advanced reporting on alerts, workflows (modify assignee, status, severity) and auto-resolve features
Other
81 stars 44 forks source link

Unable to assign alert to a user and change status in Alert Manager v3.0.7 #279

Open askanonymous opened 3 years ago

askanonymous commented 3 years ago

Hi Team,

Giving the background of the incident.

  1. We have Splunk cloud 8.1.x.
  2. Installed Alert Manager app for Splunk v3.0.7,
  3. Installation was as per the documentation.
  4. After installation, we were not able to see the two roles -> alert_manager and alert_manager_user.
  5. Checked with Splunk Support and also mailed the developers at the specified email (at splunkbase).
  6. It turned out to be an issue with sc_admin's capabilities. The Splunk support resolved it and we were able to see the two roles.
  7. We assigned the roles to the users, however while creating the incident for an alert, we were not able to find users and only unassigned option was available. Likewise, we were not able to change status of alerts in the dashboard.
  8. We tried installing same version on Splunk enterprise 8x. (Developer license) All the required features are working.

Screenshots and issue in 1 liner: We are facing issue in assigning alert to any user in Alert Manager. While creating an alert manager incident, we are not able to assign the incident to any user and by default unassigned is selected. Please find the screenshots as below: image

Also, we are unable provide status of incident in the triggered alerts: image

Regards, A

bene2386 commented 3 years ago

@askanonymous Did you solve the problem with change status?

askanonymous commented 3 years ago

@bene2386 - I contacted Splunk Support. We have worked with Splunk support and Splunk OPS team but, as of now, we have not got any resolution. Tried contacting the developer on the mail id provided on the Splunkbase page but haven't received a response yet. I presume that you too are facing the same issue.

bene2386 commented 3 years ago

@askanonymous yes. I got the same problem. If I solve that I will update you.

askanonymous commented 3 years ago

Thanks @bene2386 !!! Much appreciated. I will also keep you posted in case I hear back from the Support or Dev team.

nbheu1 commented 3 years ago

Hi.

We are on: Splunk Cloud version 8.2.2104.1 Alert Manager version 3.0.7

We observe also same issues on status dropdown is greyed out, and not populated. We are not able to edit the incident ticket, and by that this solution is unusable for or Corporate systems.

Would be great to understand what is causing this? If it is lack of permissions mapped on splunk default sc_admin capabilities to Alert Manager role requirement, this need to be looked at.