Splunk Enterprise Security

Can we use Splunk IT Service Intelligence as an Event Management Layer between Splunk and a "Tickets System"?


Hi to everyone

I need to add an "Event Management software layer", between Splunk and a "Tickets System" ( a "Event Management", just like Splunk App for Enterprise Security with Notable Events), for human revision.

There's a paid app, "Splunk IT Service Inteligence" (https://splunkbase.splunk.com/app/1841/ ), that looks like an "Event Management software", and works with the Common Information Model.

Is this app the "Event Management Layer" that I'm searching for, or do I need an external one?


0 Karma

Splunk Employee
Splunk Employee

Splunk IT Service Intelligence has a "Notable Events Review" dashboard that displays information about notable events, such as time, owner, status, and severity. It allows you to triage notable events, assign event ownership, examine event details, run custom actions, and open contributing KPIs and affected services in Deep Dives to investigate root cause. Here's a link to the documentation on how to use it.


Hope this helps.