Event Summary Overview
The Event Summary Page is the entry point to manage all events.
In Alert Manager Enterprise, the term Event describes a Splunk Alert managed by the AME App. Note that a Splunk Alert that matches the same title can be appended to an existing AME Event. See the Alert Action Setup to find out more about how Events are created and updated.
Alert Manager supports the Splunk Dark UI theme. Dark mode can be enabled by configuring the theme in the Splunk User Preferences.
Single Value Indicators
At the top of the Event Summary, single value indicators show the number of events over the selected time range, split by priority.
Single Value Indicators can be hidden or shown by pressing the following buttons:
Button | Function |
---|---|
Show Single Values | Shows the single value indicators |
Hide Single Values | Hides the single value indicators |
About Priorities
Priorities are calculated from the Alert's impact and urgency settings:
Impact | Urgency | Priority |
---|---|---|
low | low | informational |
low | medium | low |
low | high | medium |
medium | low | low |
medium | medium | medium |
medium | high | high |
high | low | medium |
high | medium | high |
high | high | critical |
Event Table
The Event Table shows the following essential information:
- Title
- Tenant
- Status
- Priority
- Assignee
To copy the title, click on the Copy Title button.
Button | Function |
---|---|
Copy Title | Copies the event title to the clipboard |
Quick Actions are available to change Event attributes or execute further actions by clicking the following buttons:
Button | Function |
---|---|
Change Assignee | Changes the assignee of the event |
Change Status | Changes the status of the event |
Actions | Opens the Actions Menu |
The Actions Menu allows further actions:
- Edit Tags
- Adjust the Notification Scheme
- Adjust the Urgency
- Add a Resolution
- Delete the event
- Display Action Fields
- Run a Drilldown Search to find the originating Splunk search that created the event
For further details on how to work with Events, see the Working with Events chapter.
Event Details
To open the Event Details, click on a single event in the accordion table.
On the top of the Event Details, the following information is available:
- Event ID
- Notification Scheme
- Count (the number of grouped events with the same title)
- Tags
- First Seen (the timestamp of the first event in grouped events with the same title)
- Action Fields
Further down, a list of tabs contains more information:
- Notable fields
- Data
- History
- Comments
Filters
Events displayed in the summary can be filtered. Use the following buttons to change the filter:
Button | Function |
---|---|
Open filter | Opens the filter panel |
Reset filter | Resets all filters to their defaults |
The filter panel opens on the right side. Currently, the following filters are available:
- Time (Default: Last 7 days)
- Tenant
- Title
- Assignee
- Priority
- Tags
- Status
- Resolution
- Search
- Saved Search
Filtering by search
The Search field allows filtering events. The filter uses Splunk syntax and supports the following terms:
- `event_key`
- `event_title`
- `fields.field_name` (where `field_name` is the name of an event field, for example `fields.dvc`)
- free text
Applying the filter
Pressing the Apply Filter button or entering CTRL-ENTER will apply the filter.
Examples
```
vulnerability fields.dvc="host-1" OR fields.dvc="host-2"
event_title="Disk Usage*" OR event_title="High Memory*" fields.dvc="server-*"
```
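To make the two example filters above concrete, the following added example (not part of Alert Manager Enterprise) evaluates such filter strings against constructed event records. It assumes Splunk-like semantics that the page does not spell out: whitespace-separated terms are ANDed, OR binds tighter than the implicit AND, a trailing `*` in a quoted value is a wildcard, matching is case-insensitive, and a bare word (free text) matches when it occurs in any field value.

```python
import fnmatch, shlex

# Constructed sample events, shaped after the filter keys the page lists
# (event_key, event_title, fields.<field_name>). Not real AME data.
EVENTS = [
    {"event_key": "k1", "event_title": "Disk Usage above 90%",
     "fields": {"dvc": "server-01", "app": "vulnerability scanner"}},
    {"event_key": "k2", "event_title": "High Memory usage",
     "fields": {"dvc": "host-1"}},
    {"event_key": "k3", "event_title": "Vulnerability found",
     "fields": {"dvc": "host-2"}},
    {"event_key": "k4", "event_title": "Disk Usage above 80%",
     "fields": {"dvc": "laptop-7"}},
]

def _flatten(event):
    """Expose an event's values under the keys the filter syntax uses."""
    flat = {"event_key": event["event_key"], "event_title": event["event_title"]}
    for name, value in event.get("fields", {}).items():
        flat[f"fields.{name}"] = value
    return flat

def _term_matches(term, flat):
    """One term is either key="pattern" (with optional * wildcard) or free text."""
    if "=" in term:
        key, pattern = term.split("=", 1)
        value = flat.get(key)
        return value is not None and fnmatch.fnmatchcase(value.lower(), pattern.lower())
    # Assumed free-text semantics: the word occurs in any field value, case-insensitively.
    return any(term.lower() in v.lower() for v in flat.values())

def matches(filter_expr, event):
    """Assumed Splunk-like precedence: OR joins adjacent terms, whitespace means AND."""
    flat = _flatten(event)
    groups, pending_or = [], False            # each group is a chain of OR-ed terms
    for tok in shlex.split(filter_expr):      # shlex also strips the quotes around values
        if tok.upper() == "OR":
            pending_or = True
            continue
        if pending_or and groups:
            groups[-1].append(tok)
        else:
            groups.append([tok])
        pending_or = False
    return all(any(_term_matches(t, flat) for t in group) for group in groups)

def apply_filter(filter_expr, events=EVENTS):
    """Return the event_keys of the events the filter selects, in table order."""
    return [e["event_key"] for e in events if matches(filter_expr, e)]
```

With these records, the first page example selects only `k3` (the free-text term excludes `k1`, whose device is not in the OR group), and the second selects only `k1`.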
Refresh Interval
The refresh interval of the Event Summary can be enabled or disabled and set to a specific value by pressing the following button:
Button | Function |
---|---|
Refresh Interval | Opens the refresh interval options |
The following options are available:
- No Refresh
- 1 Minute
- 5 Minutes
- 15 Minutes
- 30 Minutes
- 1 Hour
Footer
The footer shows the absolute time range selected by the filter/time range picker, how many events have been found, and when the data was last reloaded.
The footer can be hidden or shown by pressing the following buttons:
Button | Function |
---|---|
Hide footer | Hides the footer |
Show footer | Shows the footer |