Alert Manager Enterprise – Notifications & Workflow Actions

In our previous blog post, we introduced you to tags and rules. This time we’re taking a closer look at Notifications and Workflow Actions.

Notifications

Notifications can be triggered when an event is, for example, created, modified, or closed. Alert Manager users are already familiar with sending out emails to recipients. With Alert Manager Enterprise, in addition to email, we currently support Slack notifications and Webhooks!

We added an easy-to-use Notification Manager for creating and managing Notification schemes.

Pressing the add button creates a new scheme. We can add multiple Notification Commands for each status available. Within the notification command, select the Channel and then configure the rest of the options.

 

If you create a new Notification Scheme, remember to go back to the Template Manager to configure which template should use the scheme.

Stay tuned for more channels already on our roadmap!

Workflow Actions

Alert Manager Enterprise uses Splunk’s Workflow Actions to run searches and to open links with GET/POST. Here’s a sample Workflow Action that runs a search:

 

 

To run a Workflow Action, select the appropriate action on the top right of the most recent results tab.

 

Alternatively, if there are previous results, the Workflow Action button is available on each row of earlier results (data tab).

 

To see all the available fields for a Workflow Action, click the “Available Fields” button. Note that there is a list of fields prefixed with “ame”, which contain metadata about the event.

Note: For users familiar with the old Alert Manager, Workflow Actions replace the “Drilldown Action” and the “External Workflow Actions” functionality.

Conclusion

Notifications and Workflow Actions are nifty little features that will help you stay up to date with your events and support you when investigating an event.

We hope you come back again for the last part of our blog series, when we will talk about one of the most requested features for AME: Multi-Tenancy and our release plans!