Accept License Agreements

This app is provided by a third party and your right to use the app is in accordance with the license provided by that third-party licensor. Splunk is not responsible for any third-party apps and does not provide any warranty or support. If you have any questions, complaints or claims with respect to this app, please contact the licensor directly.

Thank You

Downloading Alert Manager
MD5 checksum (alert-manager_214.tgz) e72325c3ea4b398a2f1899df0ea66246 MD5 checksum (alert-manager_213.tgz) c87f80cc7ce9737f66e2d477217f11b0 MD5 checksum (alert-manager_205.tgz) 48e6abf49b154ad062c72227f3672b35 MD5 checksum (alert-manager_204.tgz) effff22c4dc1a8bbf12468ab05d8053e MD5 checksum (alert-manager_203.tgz) e68c415ba7cc9b5178d19957738cfe3a MD5 checksum (alert-manager_202.tgz) a760dc65403052ea55becedca5289e5f MD5 checksum (alert-manager_201.tgz) 5d736d65c3bdfd7a7994814245eac098 MD5 checksum (alert-manager_20.tgz) 3d2d8b115e17b08152341360915bf49f MD5 checksum (alert-manager_11.tgz) 87e5b2ecefae47b6946e6584c8abdb98
To install your download
For instructions specific to your download, click the Details tab after closing this window.

Flag As Inappropriate

Alert Manager

Splunk Certified
The Alert Manager adds simple incident workflows to Splunk. The general purpose is to provide a common app with dashboards in order to investigate fired alerts or notable events. It can be used with every Splunk alert and works as an extension on top of Splunk's built-in alerting mechanism.

- Awareness of your current operational situation with the incident posture dashboard
- Analyze root cause of incidents with only a few clicks
- Review and adjust the urgency of incidents to improve operations scheduling
- Dispatch incidents to the person in charge
- Track and report incident workflow KPIs
- Tag and categorize incidents

Please find the full documentation at
For Support, please reach out or open a ticket at GitHub (

Release Notes

Version: 2.1.4

Re-enabled migration scripts to seed default E-mail Templates and Notification Scheme.

Nov. 7, 2016, 5:38 p.m.

Platform Independent


Version: 2.1.3

* Support for non-admin users to modify incidents from Incident Posture dashboard
* Added capability 'am_is_owner' which is required to be an owner of incidents
* Added new alert_manager_admin, alert_manager_supervisor and alert_manager_user role as preparation for upcoming features
* Added support for 'AND' or 'OR' combinations in Suppression Rules
* Added new dynamic owner selection in Custom Alert Action dialog
* Added auto subsequent resolve option to resolve new incidents from the same title
* Added loading indicator to incident posture dashboard when expanding incident to show details
* Improved incident edit dialog to provide better owner search and selection
* Fixed IncidentContext to support https scheme and custom splunk web port
* Enhanced timestamp display in incident history
* Improved table coloring (Splunk 6.5 Feature)
* Lot’s of bugfixes, code cleanups, enhancements and sanitizations. See changelog for details

Oct. 21, 2016, 8:49 a.m.

Platform Independent


Version: 2.0.5

App certification release only - no functional changes included!

May 10, 2016, 8:21 a.m.

Platform Independent

6.5, 6.4, 6.3

Version: 2.0.4

App certification release only - no functional changes included!

April 25, 2016, 5:40 p.m.

Platform Independent

6.4, 6.3

Version: 2.0.3

- Fixed wrong file permissions
- Fixed wrong default notification scheme seed format
- Added missing appIcon
- Fixed a bug where e-mail notifications we not sent correctly
- Fixed a bug where e-mails haven't been displayed correctly on iOS devices
- Fixed results_link and view_link in notification context

April 15, 2016, 9:19 a.m.

Platform Independent

6.4, 6.3

Version: 2.0.2

- Fixed a bug to reenable inline drilldown on Incident Posture again (Splunk 6.4 compatibility)
- Merged a pull request to properly support SMTP authentication
- Fixed a bug where an urgency field in results lead into an error
- Fixed wrong modular alert description
- Removed legacy scripted alert action
- Merged pull request for better quotation in incident posture
- Improved alert filter populating search
- Fixed a bug where not all built-in users are shown in the incident edit modal
- Fixed incident posture to refresh single values automatically

April 14, 2016, 9:44 a.m.

Platform Independent

6.4, 6.3

Version: 2.0.1

- Fixed localization support
- Changed alert column in incident settings to read-only
- Fixed a bug where token syntax in notifications didn't work
- Fixed notifications to support multi-valued fields or comma-separated list of recipients

Jan. 20, 2016, 11:05 a.m.

Platform Independent

6.4, 6.3

Version: 2.0

This release is only supported under v6.3 or later!

- Changed from scripted alert action to Custom Alert Action framework
- Added a customizable incident title
- Added support for extended notification schemes
- Added support for incident suppression (False positives, maintenance windows...)
- Added migration script to ingest default data (email templates and notification schemes) as well as migrating old incident settings to Custom Alert Action parameters
- Added new Splunk v6.3 style single values
- Added support to dynamically select a template by referencing a token in the notification scheme
- Added support for multiple dynamic recipients by using multi-valued fields and a token in the notification scheme
- Added a search command 'modifyincidents' to update an incident trough a search
- Added a general default email template
- Changed token reference in e-mail templates to $result.fieldname$ syntax
- Bugfixes and performance improvements

Nov. 12, 2015, 7:57 a.m.

Platform Independent


Version: 1.1

- Fixed support for per-result alert actions
- Added support for search results in e-mail templates
- Enhanced incident details with description form saved search and selectable list of fields
- Bugfixes

March 12, 2015, 10:25 a.m.

Platform Independent

6.3, 6.2

IT Operations
Product Support
Splunk Enterprise
Splunk Cloud
Content Type
Splunk Versions
CIM Versions
CIM 4.6, 4.5, 4.4, 4.3, 4.2, 4.1, 4.0, 3.0
Platform Independent
Built by
Alert Manager
Contact Developer
Subscribe Share

Splunk Certification Program

Splunk's App Certification program uses a specific set of criteria to evaluate the level of quality, usability and security your app offers to its users. In addition, we evaluate the documentation and support you offer to your app's users.

Are you a developer?

As a Splunkbase app developer, you will have access to all Splunk development resources and receive a 50GB license to build an app that will help solve use cases for customers all over the world. Splunkbase has 1000+ apps and add-ons from Splunk, our partners and our community. Find an app or add-on for most any data source and user need, or simply create your own with help from our developer portal.

Follow Us:
© 2005-2017 Splunk Inc. All rights reserved.
Splunk®, Splunk>®, Listen to Your Data®, The Engine for Machine Data®, Hunk®, Splunk Cloud™, Splunk Light™, SPL™ and Splunk MINT™ are trademarks and registered trademarks of Splunk Inc. in the United States and other countries. All other brand names, product names, or trademarks belong to their respective owners.