Splunk Cloud Platform
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

AME not showing alerts in app

HopyardMiner
New Member
2 weeks ago

I have successfully setup AME and tested the tenant connection and get back connector is healthy.  I can also send test event from the tenant setup page and can see it in the default index.  If I go to events there is not test not any of the alerts I have configured to send to AME even though I can see them in the traditional triggered alerts as they are still configured as well.  Looking in _internal I do see the below error:

2025-06-06T11:24:06.612+00:00 version=3.4.0 log_level=ERROR pid=1615220 s=AbstractHECWrapper.py:send_chunk:304 uuid=***************** action=sending_event reason="[Errno 111] Connection refused"

Seems to suggest there is an issue with HEC, but the tenant shows green/healthy and the test comes to the index.  Any assistance would be appreaciated.

Also, if I create an event from the Events page, that does show up in the app:  

HopyardMiner_0-1749220532662.png

 

Labels (2)
Labels
Tags (1)
0 Karma
Reply

seiimonn
New Member
2 weeks ago

Hi!

If the logs produced by AME can not be sent to the index, you will not get any alert data when expanding events.

It would be easiest if you could open a support case in our support portal and provide the output of the following search as a CSV export.

index=_internal source=*ame* ERROR | table _time host source _raw

 

Regards,
Simon

0 Karma
Reply

HopyardMiner
New Member
2 weeks ago

Seeing events now.  The default template needed a notification assigned and that notification needed to be defined as there was none.  The error mentioned above is still showing but am not sure if it is causing any seen issues.

0 Karma
Reply
Get Updates on the Splunk Community!

Dashboards: Hiding charts while search is being executed and other uses for tokens

There are a couple of features of SimpleXML / Classic dashboards that can be used to enhance the user ...

Splunk Observability Cloud's AI Assistant in Action Series: Explaining Metrics and ...

This is the fourth post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how ...

Brains, Bytes, and Boston: Learn from the Best at .conf25

When you think of Boston, you might picture colonial charm, world-class universities, or even the crack of a ...