Skip to content

pythonlearner7/TA-alert_manager

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

29 Commits
default
default
 
 
metadata
metadata
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 

Repository files navigation

Technology Add-on for Alert Manager

Changelog

  • 2015-07-26 simon@balz.me
    • Changed TRUNCATE to something else than zero, since it could cause an indexer crash
  • 2015-04-24 simon@balz.me
    • Added limits.conf to ensure KV extraction for long alert_metadata events
  • 2015-04-15 simon@balz.me
    • Fixed a bug for large alert_metadata events
  • 2015-01-04 simon@balz.me
    • Fixed a bug where very large alert result sets have been truncated
  • 2014-12-28 mika.borner@gmail.com
    • Fixed permissions to read *
  • 2014-12-28 simon@balz.me
    • Fixed missing sourcetype
  • 2014-12-21 simon@balz.me
    • Fixed a bug to index correctly new incidents fired from realtime alerts
  • 2014-12-18 simon@balz.me
    • Installation instructions update
  • 2014-12-17 mika.borner@gmail.com
    • App split into alert_manager and TA-alert_manager

Release Notes

  • v2.0 / 2015-07-26
    • Bugfix release
  • v0.3 / 2015-01-19
    • Bugfix release
    • Final release for Splunk Apptitude submission
  • v0.3 / 2014-12-28
    • Bugfix release

Credits

Prerequisites

  • Splunk v6.2 and above

Usage

Deployment Matrix

Alert Manager Add-on for Alert Manager
Search Head x x
Indexer x

Note: If you forward events from the search head trough heavy forwarders to the indexer, install the Add-on on the heavy forwarder and disable the index there.

Installation

  1. Unpack and install app to $SPLUNK_HOME/etc/apps
  2. Configure indexes.conf in local/ if you want to use your own index
    • Disable 'alerts' index
    • Create your own index and configure on alert manager setup page
  3. Restart Splunk

Known Issues

  • n/a

License

  • This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
  • Commercial Use, Excerpt from CC BY-NC-SA 4.0:
    • "A commercial use is one primarily intended for commercial advantage or monetary compensation."
  • In case of Alert Manager this translates to:
    • You may use Alert Manager in commercial environments for handling in-house Splunk alerts
    • You may use Alert Manager as part of your consulting or integration work, if you're considered to be working on behalf of your customer. The customer will be the licensee of Alert Manager and must comply according to the license terms
    • You are not allowed to sell Alert Manager as a standalone product or within an application bundle
    • If you want to use Alert Manager outside of these license terms, please contact us and we will find a solution

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases

4 tags

Packages

No packages published